Lucene search
+L

4 matches found

CVE
CVE
added 2024/12/30 4:46 p.m.60 views

CVE-2024-56733

CVE-2024-56733 affects Password Pusher (versions ≤ 1.50.3). A vulnerability allows an attacker to copy the session cookie before logout, potentially enabling session hijacking until the token expires or is cleared. Root cause centers on accessing an active session cookie (e.g., MITM, XSS, or loca...

5.7CVSS5.5AI score0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.4 views

PT-2024-72: Weakness of password policy in Password Pusher

The vulnerability was identified in Password Pusher versions prior to 1.49.0. The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding...

6.9CVSS6.6AI score0.00522EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.4 views

PT-2024-74: Incorrect session termination in Password Pusher

The vulnerability was identified in Password Pusher versions prior to 1.48.0. The application incorrectly terminates the session and allows attacker to reuse session credentials to obtain user information. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 04.11.2024...

5.9CVSS5.7AI score0.00209EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.5 views

PT-2024-73: Unlimited session lifetime in Password Pusher

The vulnerability was identified in Password Pusher versions prior to 1.48.0. The application does not limit the storage time of the session identifier or credentials, or this time is excessively long. An attacker can reuse old credentials or session identifiers to log in as another user and gain...

8.8CVSS7.5AI score
Exploits0
Rows per page
Query Builder