CVE-2026-54036 LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...
CVE-2022-22218 Junos OS: SRX Series: Upon processing of a genuine packet the pkid process will crash during CMPv2 auto-re-enrollment
On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot...
Juniper Junos OS Vulnerability (JSA69901)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69901 advisory. - On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a...
Secure Hub Authentication Loop with Pin configured
The article summarizes how to resolve the Secure Hub authentication loop with PIN. The symptoms are as follows: Secure Hub tells the user that the connection has expired and asks for re-authentication with PIN. After the PIN has been given, Secure Hub prompts for the PIN again. Only workaround is to...