3 matches found
GHSA-WC43-73W7-X2F5 Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Preconditions - The code login method is enabled with the passwordlessenabled flag set to true . - A 2FA method such as totp is enabled. - requiredaal of the whomai check or the settings flow is set to highestavailable. AAL stands for Authenticator Assurance Levels and can range from 0 no factor ...
Malicious code in otnet-ory-network-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19a9ebfed32ec491b007a6c7e65f8ebae68d0acc3175b56442fa67e25fc916fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8555 Malicious code in otnet-ory-network-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19a9ebfed32ec491b007a6c7e65f8ebae68d0acc3175b56442fa67e25fc916fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...