1378 matches found
Discord.io confirms theft of 760,000 members' data
Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2023-35179
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...
CVE-2023-35179
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...
Design/Logic Flaw
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...
PT-2023-27351 · Empowerid · Empowerid
Name of the Vulnerable Software and Affected Versions: EmpowerID versions prior to 7.205.0.1 Description: The issue allows an attacker to bypass a multi-factor authentication MFA requirement if the first factor, which includes the username and password, is known. This is possible because knowing...
CVE-2023-40260
EmpowerID prior to 7.205.0.1 is vulnerable to an MFA bypass: if an attacker knows the first factor (username/password), they can change the account’s email address and then receive MFA codes at the attacker-controlled email. This is documented across multiple sources (NVD/Red Hat entries and thir...
CVE-2023-35179
SolarWinds Serv-U 15.4 (including Hotfixes HF1/HF2) contains an authentication bypass vulnerability that enables an administrator with access to bypass multi-factor authentication. The CVE describes a MFA bypass with high impact on confidentiality, integrity, and availability. The documents provi...
CVE-2023-35179 2FA/MFA Bypass Vulnerability in Serv-U 15.4
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service PhaaS toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft...
SolarWinds Serv-U FTP Server Access Control Error Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. An access control error vulnerability exists in SolarWinds Serv-U FTP Server version 15.4, which can be exploited by an attacker to bypass multi-factor/two-factor authentication...
PT-2023-25189 · Serv-U · Serv-U
Name of the Vulnerable Software and Affected Versions: Serv-U version 15.4 Description: A vulnerability has been identified that allows an actor to bypass multi-factor or two-factor authentication. The actor must have administrator-level access to perform this action. Recommendations: For Serv-U...
CVE-2023-4177
A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...
CVE-2023-4177
A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...
Information disclosure
A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...
CVE-2023-4177 EmpowerID Multi-Factor Authentication Code information disclosure
A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...
CVE-2023-4177
CVE-2023-4177 affects EmpowerID up to version 7.205.0.0, involving unknown processing within the Multi-Factor Authentication Code Handler that can lead to information disclosure. The issue has high confidentiality impact with low attack complexity and low privileges required; exploitation is desc...
PT-2023-28086 · Empowerid · Empowerid
Name of the Vulnerable Software and Affected Versions: EmpowerID versions up to 7.205.0.0 Description: A problem was found in the Multi-Factor Authentication Code Handler component, which can lead to information disclosure. The complexity of an attack is rather high and the exploitation is known ...