EUVD-2024-54379

Malicious code in bioql PyPI...

CVE-2024-45551

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...

CVE-2024-45551

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...

CVE-2024-45551 Weak Authentication in HLOS

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...

CVE-2024-45551 Weak Authentication in HLOS

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...

CVE-2024-45551

CVE-2024-45551 targets Qualcomm closed‑source components (Gatekeeper) and describes a cryptographic issue during PIN/password verification. The vulnerability arises when RPMB writes can be dropped on verification failure, potentially enabling a user throttling bypass. The available sources confir...

Yubico YubiKey 安全漏洞

Yubico YubiKey is a hardware authentication device from the Swedish company Yubico. A security vulnerability exists in Yubico YubiKey versions 5.4.1 through 5.7.3, which stems from an incorrect implementation of the FIDO CTAP PIN/UV Auth Protocol Two, which could lead to partial signature...

SUSE CVE-2020-8236

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...

CVE-2020-8236

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...

Interesting Attack on the EMV Smartcard Payment Standard

Its complicated, but its basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able...

New PIN Verification Bypass Flaw Affects Visa Contactless Payments

Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered an authentication flaw in the company's EMV enabled payment cards that permits cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The...

CVE-2017-17435

An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request,...

How Hackers Can Hack Your Chip-and-PIN Credit Cards

October 1, 2015, was the end of the deadline for U.S. citizens to switch to Chip-enabled Credit Cards for making the transactions through swipe cards safer. Now, a group of French forensics researchers have inspected a real-world case in which criminals played smart in such a way that they did a...

SecurityAdvisory 2015-04-14

The source code contains a logical flaw related to user PIN aka PW1 verification that allows an attacker with local host privileges and/or physical proximity NFC to perform security operations without knowledge of the user’s PIN code...

Grand MA 300 Fingerprint Reader Weak PIN Verification

=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 === Grand MA 300 Fingerprint Reader - Weak Pin Verification ------------------------------------------------------------------------ Affected Versions ================= Grand MA 300/ID with firmware 6.60 Issue Overview...

LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification

=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 === Grand MA 300 Fingerprint Reader - Weak Pin Verification ------------------------------------------------------------------------ Affected Versions ================= Grand MA 300/ID with firmware 6.60 Issue Overview...

Amtote Homebet - Account Information Brute Force

Amtote Homebet - Account Information Brute Force source: https://www.securityfocus.com/bid/3371/info Homebet is an internet based betting application that is developed by Amtote International. A vulnerability exists in Homebet which could enable a non-registered user to confirm the validity of...