CVE-2026-3429 Org.keycloak.services.resources.account: improper access control leading to mfa deletion and account takeover in keycloak account rest api
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...
CVE-2024-34082
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password res...
CVE-2019-16674
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network...
IBM Aspera Orchestrator Unverified Password Change Vulnerability
IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. An unauthenticated password change vulnerability exists in IBM Aspera Orchestrator, which can be exploited by an attacker to make unauthorized changes to other users' passwords...
EUVD-2006-7019
Malware in sbrugna...
EUVD-2006-3828
Malware in sbrugna...
EUVD-2025-18194
Malicious code in bioql PyPI...
EUVD-2023-49950
Malicious code in bioql PyPI...
CVE-2025-27458
The VNC authentication mechanism is based on a challenge-response system in which both server and client use the same password for encryption. The challenge is sent from the server to the client, encrypted by the client, and sent back. The server performs the same encryption locally and if the responses...
CVE-2025-24517
A client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001, all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...
Linux Distros Unpatched Vulnerability : CVE-2015-1308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allow remote attackers to obtain input events, and consequently obtain passwords, by leveraging access t...
Fortinet FortiWeb Multiple cryptographic flaws allow for full LDAP and RADIUS passwords compromise (FG-IR-20-222)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-222 advisory. - A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox...
CVE-2024-20419
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...
4 Ways Hackers use Social Engineering to Bypass MFA
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can...
CVE-2023-6254 Password is sent back to client
A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37...
Design/Logic Flaw
An exposure of sensitive information to an unauthorized actor (CWE-200) in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to Windows agent logs to obtain the Windows agent password by searching through the logs...
CVE-2023-29974
An issue discovered in pfSense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements...
CVE-2023-45659
Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker gained access to the user's account, i.e., logged in and obtained a session, the attacker's session is not terminated if the user's account password is reset. This vulnerability has been fixe...
PT-2023-29633 · Unknown · Engelsystem
Name of the Vulnerable Software and Affected Versions: Engelsystem affected versions not specified Description: Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker gains access to the user's account, the attacker's session is not terminated...
Employee Task Management System 1.0 Privilege Escalation Vulnerability
Employee Task Management System - Broken Authentication leads to compromise of all application accounts by changing the password. CVE Assigned: CVE-2023-0905 (mitre.org, nvd.nist.org). Vendor Homepage: https://www.sourcecodester.com. Software Link: Employee Task Managemen...