1378 matches found

OSV
added 2022/05/02 10:15 p.m. · 1 view

CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

CVSS 7.7 · AI score 5.8 · EPSS 0.00824
Exploits: 0 · References: 2

CNNVD
added 2022/05/02 12:0 a.m. · 4 views

Ping Identity PingFederate Authorization Issue Vulnerability

Ping Identity PingFederate is a flagship software-based federation server in the United States for identity management. Ping Identity PingFederate has a security vulnerability that originates from an MFA bypass vulnerability in the PingOne MFA Integration Toolkit when an adapter HTML template is...

CVSS 7.7 · AI score 7.4 · EPSS 0.00824
Exploits: 0 · References: 3

Positive Technologies
added 2022/05/02 12:0 a.m. · 5 views

PT-2022-16228 · Ping Identity · PingFederate PingOne MFA Integration Kit

Name of the Vulnerable Software and Affected Versions: PingFederate PingOne MFA Integration Kit (affected versions not specified)
Description: An MFA bypass issue exists when adapter HTML templates are used as part of an authentication flow. This allows for potential bypass of multi-factor...

CVSS 7.7 · AI score 7.6 · EPSS 0.00824
Exploits: 0 · References: 6

Positive Technologies
added 2022/04/30 12:0 a.m. · 7 views

PT-2022-11522 · Ping Identity · PingID Windows Login

Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.7
Description: A misconfiguration of RSA in PingID Windows Login is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
Recommendations: For versions prior to 2.7, update t...

CVSS 7.7 · AI score 5.5 · EPSS 0.0047
Exploits: 0 · References: 6

CNNVD
added 2022/04/30 12:0 a.m. · 6 views

Ping Identity Desktop Security Vulnerability

Ping Identity Desktop is authentication software from Ping Identity. A security vulnerability exists in PingID Desktop versions prior to 1.7.3, which stems from a misconfiguration in the cryptographic library. An attacker exploiting this vulnerability may be able to successfully complete an...

CVSS 9.9 · AI score 8.3 · EPSS 0.00472
Exploits: 0 · References: 3

CNNVD
added 2022/04/30 12:0 a.m. · 7 views

Ping Identity iOS App Security Features Issue Vulnerability

Ping Identity iOS App is a mobile app for authentication from Ping Identity. A security vulnerability exists in Ping Identity iOS App versions prior to 1.19, which stems from a misconfigured RSA that is susceptible to a pre-computed dictionary attack, leading to a bypass of the offline MFA when...

CVSS 6.6 · AI score 5.2 · EPSS 0.00231
Exploits: 0 · References: 3

Positive Technologies
added 2022/04/30 12:0 a.m. · 8 views

PT-2022-11528 · Ping Identity · PingID Desktop

Name of the Vulnerable Software and Affected Versions: PingID Desktop versions prior to 1.7.3
Description: The issue is related to a misconfiguration in the encryption libraries of PingID Desktop, which can lead to sensitive data exposure. An attacker capable of exploiting this issue may be able ...

CVSS 9.9 · AI score 9.2 · EPSS 0.00472
Exploits: 0 · References: 6

Imperva Blog
added 2022/04/27 12:28 p.m. · 19 views

6 Best Data Security Practices You Can Start Today

Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices yo...

AI score 0.4
Exploits: 0

ThreatPost
added 2022/04/25 1:32 p.m. · 40 views

Lapsus$ Hackers Target T-Mobile

T-Mobile confirmed that the extortion group Lapsus$ gained access to their system “several weeks ago”. The telecom giant responded to a report by journalist Brian Krebs, who accessed the internal chats from the private Telegram channel of the core Lapsus$ gang members. The company added that it...

AI score 7.4
Exploits: 0 · References: 11

The Hacker News
added 2022/04/25 4:51 a.m. · 42 views

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the malware is notable for being the...

AI score 0.9
Exploits: 0

GitHub Security Blog
added 2022/04/22 8:48 p.m. · 25 views

Improper Authentication in django-mfa3

Impact: django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication ca...

CVSS 8.8 · AI score 3 · EPSS 0.01068
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2022/04/22 8:48 p.m. · 20 views

GHSA-3R7G-WRPR-J5G4 Improper Authentication in django-mfa3

Impact: django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication ca...

CVSS 8.5 · AI score 7.9 · EPSS 0.01068
Exploits: 0 · References: 7

hivepro
added 2022/04/22 2:34 p.m. · 331 views

Hive Ransomware targets organizations with ProxyShell exploit

THREAT LEVEL: Red. Hive Ransomware has been active since its discovery in June 2021, and it is constantly deploying different backdoors, including the Cobalt Strike beacon, on Microsoft Exchange servers that are vulnerable to ProxyShell...

CVSS 10 · AI score 0.4 · EPSS 0.99999
Exploits: 18

Malwarebytes
added 2022/04/19 1:56 p.m. · 16 views

North Korean Lazarus APT group targets blockchain tech companies

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...

AI score 7.6
Exploits: 0

Veracode
added 2022/04/19 5:46 a.m. · 16 views

Authentication Bypass

django-mfa3 is vulnerable to authentication bypass. The vulnerability exists in admin.py when django-mfa3 and django.contrib.admin are activated because the login view for the admin area doesn't support multi-factor authentication, which allows an attacker to access admin login view...

CVSS 8.8 · AI score 4.6 · EPSS 0.01068
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2022/04/15 7:15 p.m. · 40 views

CVE-2022-24857

django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...

CVSS 8.8 · EPSS 0.01068
Exploits: 0 · References: 4

Prion
added 2022/04/15 7:15 p.m. · 19 views

Design/Logic Flaw

django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...

CVSS 6.5 · AI score 8.7 · EPSS 0.01068
Exploits: 0 · References: 4 · Affected Software: 1

PyPA
added 2022/04/15 7:15 p.m. · 8 views

PYSEC-2022-192

django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...

CVSS 8.8 · AI score 7.1 · EPSS 0.01068
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/04/15 7:15 p.m. · 40 views

PYSEC-2022-192

django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...

CVSS 8.8 · AI score 4.3 · EPSS 0.01068
Exploits: 0 · References: 3

Cvelist
added 2022/04/15 6:50 p.m. · 51 views

CVE-2022-24857 Multi factor authentication bypass in django-mfa3

django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...

CVSS 7.3 · AI score 9 · EPSS 0.01068
Exploits: 0 · References: 4