63 matches found
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...
JFrog Artifactory 安全漏洞
JFrog Artifactory is an open source general-purpose Artifact repository manager from Israel-based JFrog Jfrog that supports clustering and high-availability Docker registries and provides an end-to-end automation solution for tracking artifacts from development to production.JFrog Artifactory...
Insecure Session Management
keycloak-core uses an insecure session management. The application does not require re-authentication upon a successful password change. in the event where an existing session can be obtained by an attacker, a password change will not cause the attacker's session to be invalidated...
Keycloak Missing authentication for critical function
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...
CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...
CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...
Design/Logic Flaw
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...
CVE-2021-20262
CVE-2021-20262 affects Keycloak 12.0.0 where re-authentication is not required when updating a password, potentially allowing account takeover if an attacker can obtain temporary, physical access to a user’s browser. The issue has implications for confidentiality, integrity, and availability as d...
CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...
Red Hat Keycloak 访问控制错误漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from a re-authentication not occurring when a password is updated. An attacker...
Khan Academy: Information can be changed without a password
If a user has access to a logged in session on Khan Academy, they are able to conduct a full account takeover. This is due to the fact that a new email address can be added to an account without a method of re-authentication. Once this email address has been added, the attacker can simply logout...
Improper access control
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication...
CVE-2018-15334
A cross-site request forgery CSRF vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication...
CVE-2018-15334
A cross-site request forgery CSRF vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication...
Generate Security Keys warning on Storefront management console
Question:Is the warning to generate new security keys related to the Server certificate used for storefront base URL? Answer: No, this warning is not related to the server certificate used for storefront base URL. This indicates that the Self-Signed certificates generated by storefront are expire...
CVE-2014-2338
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established...
Debian Security Advisory DSA 2903-1 (strongswan - security update)
An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association IKESA handled some state transitions incorrectly. An attacker can trigger the vulnerability by rekeying an unestablished IKE...