17 matches found

RedhatCVE
added 2026/01/09 8:54 a.m., 3 views

CVE-2021-41992

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.7 CVSS, 6.9 AI score, 0.0046 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/06/28 6:24 p.m., 6 views

CVE-2025-53013

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS, 6.5 AI score, 0.00202 EPSS
Exploits: 0, References: 1

CVE
added 2025/06/26 6:2 p.m., 19 views

CVE-2025-53013

Summary (CVE-2025-53013, Himmelblau): Versions 0.9.10–0.9.16 allow offline authentication to a Linux host via Himmelblau using an invalid Linux Hello PIN. The root cause is an incorrect handling in acquire_token_by_hello_for_business_key: offline, a TPMFail is expected for an invalid key, but a ...

5.2 CVSS, 7 AI score, 0.00202 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2025/06/26 6:2 p.m., 3 views

CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS, 7 AI score, 0.00202 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/06/26 12:0 a.m., 1 views

PT-2025-27005

Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.9.10 through 0.9.16
Description: A vulnerability in Himmelblau allows a user to authenticate to a Linux host using an invalid Linux Hello PIN when the host is offline. This issue arises from an incorrect assumption in th...

8.8 CVSS, 6.1 AI score, 0.00693 EPSS
Exploits: 4, References: 29

SUSE CVE
added 2023/02/15 5:53 a.m., 4 views

SUSE CVE-2011-1758

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by...

3.7 CVSS, 6.8 AI score, 0.00338 EPSS
Exploits: 0, References: 3

OSV
added 2022/06/30 8:15 p.m., 3 views

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

7.5 CVSS, 5.5 AI score, 0.00666 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2022/06/30 8:15 p.m., 4 views

CVE-2022-23719

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A...

7.2 CVSS, 6.8 AI score, 0.00271 EPSS
Exploits: 0, References: 3

OSV
added 2022/04/30 10:15 p.m., 2 views

CVE-2021-41994

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

4.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Debian CVE
added 2011/05/26 6:0 p.m., 25 views

CVE-2011-1758

The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by...

3.7 CVSS, 4.9 AI score, 0.00338 EPSS
Exploits: 0

Tenable Nessus
added 2010/09/16 12:0 a.m., 25 views

Fedora 13 : samba-3.5.5-68.fc13 (2010-14627)

ChangeLog: - Thu Sep 9 2010 Guenther Deschner - 3.5.5-68 - Security Release, fixes CVE-2010-3069 - resolves: 630869 - Thu Aug 26 2010 Guenther Deschner - 3.5.4-67 - Put winbind krb5 locator plugin into a separate r...

7.5 CVSS, 6.5 AI score, 0.10546 EPSS
Exploits: 0, References: 3

securityvulns
added 2009/02/01 12:0 a.m., 97 views

Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...

0.8 AI score
Exploits: 0

Packet Storm
added 2009/01/28 12:0 a.m., 20 views

Max.Blog 1.0.6 Authentication Bypass

Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog Salvatore "drosophila" Fresta - Max.Blog...

0.2 AI score
Exploits: 0

seebug.org
added 2009/01/28 12:0 a.m., 29 views

Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

No description provided by source. Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta...

7.1 AI score
Exploits: 0

exploitpack
added 2009/01/28 12:0 a.m., 10 views

Max.Blog 1.0.6 - offline_auth.php Offline Authentication Bypass

Max.Blog 1.0.6 - offline_auth.php Offline Authentication Bypass Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog Salvatore "drosophila" Fresta - Max.Blog /f...

0.6 AI score
Exploits: 0

0day.today
added 2009/01/28 12:0 a.m., 15 views

Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

Exploit for unknown platform in category web applications. Max.Blog Salvatore "drosophila" Fresta - Max.Blog...

7.1 AI score
Exploits: 0

Exploit DB
added 2009/01/28 12:0 a.m., 32 views

Max.Blog 1.0.6 - 'offline_auth.php' Offline Authentication Bypass

Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog Salvatore "drosophila" Fresta - Max.Blog /bo...

7.4 AI score
Exploits: 0