Lucene search
+L

43 matches found

Cvelist
Cvelist
added 2025/06/26 6:2 p.m.10 views

CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2CVSS0.00202EPSS
Exploits0References3
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/09/30 5:25 a.m.7 views

How can you protect your data, privacy, and finances if your phone gets lost or stolen?

Steps to take when your device is lost or stolen TL;DR This is a guide to help prepare for a situation where your mobile device is lost or stolen, including where it is stolen in an unlocked state. The post covers: Creating good habits in your digital life. Using available features to secure your...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/02 9:21 p.m.33 views

Should you allow your browser to remember your passwords?

At Malwarebytes weve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when youre just getting started. Once...

6.6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/09/20 3:15 p.m.3 views

CVE-2022-3916

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.5AI score0.00952EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.14 views

Cisco Duo Authentication for macOS Logon Offline Credentials Replay (cisco-sa-duo-replay-knuNKd)

According to its self-reported version, Cisco Duo Authentication for macOS is affected by a vulnerability. A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker...

6.3CVSS5.2AI score0.00247EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/04/05 11:0 p.m.7 views

CVE-2023-20123

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

6.3CVSS5.9AI score0.00247EPSS
Exploits0References2
Prion
Prion
added 2023/04/05 7:15 p.m.17 views

Design/Logic Flaw

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

2.1CVSS5AI score0.00247EPSS
Exploits0References1Affected Software2
Cisco
Cisco
added 2023/04/05 4:0 p.m.29 views

Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

6.3CVSS5.8AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/05 12:0 a.m.21 views

CVE-2023-20123 Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

6.3CVSS6.8AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.13 views

PT-2023-2213 · Cisco · Cisco Duo

Name of the Vulnerable Software and Affected Versions: Cisco Duo versions affected versions not specified Description: The issue is related to a vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication, which could allow an unauthenticated, physical attacker to replay valid...

6.3CVSS4.6AI score0.00247EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/03/01 10:2 p.m.25 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/01 9:58 p.m.13 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.5 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/13 2:4 p.m.6 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/13 2:3 p.m.36 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/13 2:3 p.m.23 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/13 2:2 p.m.6 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.4 views

PT-2022-24784 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in the offline access scope in Keycloak, affecting users of shared computers more, especially if cookies are not cleared. This issue is due to a lack of root session...

6.8CVSS5.9AI score0.00952EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2022/11/09 6:25 p.m.42 views

CVE-2022-3916

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS3.4AI score0.00952EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.56 views

Red Hat Keycloak 代码问题漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak offlineaccess, which stems from a lack of root session authentication and reuse of session...

6.8CVSS6.4AI score0.00952EPSS
Exploits0References16
Rows per page
Query Builder