Lucene search
K

63 matches found

NVD
NVD
added 2023/09/21 4:15 p.m.23 views

CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

8.1CVSS6.2AI score0.00571EPSS
Exploits0References5
OSV
OSV
added 2023/06/19 12:0 a.m.8 views

CVE-2023-35866

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...

5.5CVSS6.9AI score0.00239EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/03/02 12:0 a.m.3 views

JFrog Artifactory 安全漏洞

JFrog Artifactory is an open source general-purpose Artifact repository manager from Israel-based JFrog Jfrog that supports clustering and high-availability Docker registries and provides an end-to-end automation solution for tracking artifacts from development to production.JFrog Artifactory...

5.5CVSS5.8AI score0.00623EPSS
Exploits0References3
Veracode
Veracode
added 2021/03/15 9:57 a.m.28 views

Insecure Session Management

keycloak-core uses an insecure session management. The application does not require re-authentication upon a successful password change. in the event where an existing session can be obtained by an attacker, a password change will not cause the attacker's session to be invalidated...

6.8CVSS2.9AI score0.00329EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 9:33 p.m.68 views

Keycloak Missing authentication for critical function

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS6.1AI score0.00329EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/03/09 6:15 p.m.19 views

CVE-2021-20262

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS6.2AI score
Exploits0References1
NVD
NVD
added 2021/03/09 6:15 p.m.14 views

CVE-2021-20262

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS0.00329EPSS
Exploits0References1
Prion
Prion
added 2021/03/09 6:15 p.m.17 views

Design/Logic Flaw

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

4.6CVSS6.3AI score0.00329EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/03/09 5:19 p.m.112 views

CVE-2021-20262

CVE-2021-20262 affects Keycloak 12.0.0 where re-authentication is not required when updating a password, potentially allowing account takeover if an attacker can obtain temporary, physical access to a user’s browser. The issue has implications for confidentiality, integrity, and availability as d...

6.8CVSS6.2AI score0.00329EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/03/09 5:19 p.m.14 views

CVE-2021-20262

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.5AI score0.00329EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/09 12:0 a.m.6 views

Red Hat Keycloak 访问控制错误漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from a re-authentication not occurring when a password is updated. An attacker...

6.8CVSS5.6AI score0.00329EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/10/23 8:11 p.m.16 views

Khan Academy: Information can be changed without a password

If a user has access to a logged in session on Khan Academy, they are able to conduct a full account takeover. This is due to the fact that a new email address can be added to an account without a method of re-authentication. Once this email address has been added, the attacker can simply logout...

0.3AI score
Exploits0
Prion
Prion
added 2019/07/10 3:15 p.m.16 views

Improper access control

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...

7.5CVSS9.3AI score0.03427EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2019/07/10 2:58 p.m.27 views

CVE-2019-12468

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...

7.6AI score0.03427EPSS
Exploits0References5
Prion
Prion
added 2018/12/28 3:29 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication...

4.3CVSS4.7AI score0.00734EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/12/28 3:29 p.m.20 views

CVE-2018-15334

A cross-site request forgery CSRF vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication...

4.3CVSS4.6AI score0.00734EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/12/28 3:0 p.m.26 views

CVE-2018-15334

A cross-site request forgery CSRF vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication...

4.7AI score0.00734EPSS
Exploits0References2
Citrix
Citrix
added 2016/09/26 12:0 a.m.10 views

Generate Security Keys warning on Storefront management console

Question:Is the warning to generate new security keys related to the Server certificate used for storefront base URL? Answer: No, this warning is not related to the server certificate used for storefront base URL. This indicates that the Self-Signed certificates generated by storefront are expire...

6.7AI score
Exploits0
Debian CVE
Debian CVE
added 2014/04/16 6:0 p.m.32 views

CVE-2014-2338

IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established...

6.4CVSS6.6AI score0.02381EPSS
Exploits1
OpenVAS
OpenVAS
added 2014/04/14 12:0 a.m.34 views

Debian Security Advisory DSA 2903-1 (strongswan - security update)

An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association IKESA handled some state transitions incorrectly. An attacker can trigger the vulnerability by rekeying an unestablished IKE...

6.4CVSS0.02381EPSS
Exploits1References1
Rows per page
Query Builder