1378 matches found
CVE-2022-23723
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...
Ping Identity PingFederate Authorization Issue Vulnerability
Ping Identity PingFederate is a flagship software-based federation server in the United States for identity management. Ping Identity PingFederate has a security vulnerability that originates from an MFA bypass vulnerability in the PingOne MFA Integration Toolkit when an adapter HTML template is...
PT-2022-16228 · Ping Identity · Pingfederate Pingone Mfa Integration Kit
Name of the Vulnerable Software and Affected Versions: PingFederate PingOne MFA Integration Kit (affected versions not specified). Description: An MFA bypass issue exists when adapter HTML templates are used as part of an authentication flow. This allows for potential bypass of multi-factor...
PT-2022-11522 · Ping Identity · Pingid Windows Login
Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.7. Description: A misconfiguration of RSA in PingID Windows Login is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. Recommendations: For versions prior to 2.7, update t...
Ping Identity Desktop Security Vulnerability
Ping Identity Desktop is a software for authentication from Ping Identity. A security vulnerability exists in PingID Desktop versions prior to 1.7.3, which stems from a misconfiguration in the cryptographic library. An attacker exploiting this vulnerability may be able to successfully complete an...
Ping Identity iOS App Security Features Issue Vulnerability
Ping Identity iOS App is a mobile app for authentication from Ping Identity. A security vulnerability exists in Ping Identity iOS App versions prior to 1.19, which stems from a misconfigured RSA that is susceptible to a pre-computed dictionary attack, leading to a bypass of the offline MFA when...
PT-2022-11528 · Ping Identity · Pingid Desktop
Name of the Vulnerable Software and Affected Versions: PingID Desktop versions prior to 1.7.3. Description: The issue is related to a misconfiguration in the encryption libraries of PingID Desktop, which can lead to sensitive data exposure. An attacker capable of exploiting this issue may be able ...
6 Best Data Security Practices You Can Start Today
Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices yo...
Lapsus$ Hackers Target T-Mobile
T-Mobile confirmed that the extortion group Lapsus$ gained access to their system “several weeks ago”. The telecom giant responded to a report by journalist Brian Krebs, who accessed the internal chats from the private Telegram channel of the core Lapsus$ gang members. The company added that it...
FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide
The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the malware is notable for being the...
Improper Authentication in django-mfa3
Impact: django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication ca...
GHSA-3R7G-WRPR-J5G4 Improper Authentication in django-mfa3
Impact: django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication ca...
Hive Ransomware targets organizations with ProxyShell exploit
THREAT LEVEL: Red. Hive Ransomware has been active since its discovery in June 2021, and it is constantly deploying different backdoors, including the Cobalt Strike beacon, on Microsoft Exchange servers that are vulnerable to ProxyShell...
North Korean Lazarus APT group targets blockchain tech companies
A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...
Authentication Bypass
django-mfa3 is vulnerable to authentication bypass. The vulnerability exists in admin.py when django-mfa3 and django.contrib.admin are activated, because the login view for the admin area doesn't support multi-factor authentication, which allows an attacker to access admin login view...
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...
Design/Logic Flaw
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...
PYSEC-2022-192
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...
CVE-2022-24857 Multi factor authentication bypass in django-mfa3
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...