185 matches found

CNNVD
added 2025/03/06 12:0 a.m. · 4 views

MyTaag security vulnerability

MyTaag is a digital business card platform from MyTaag, Inc. designed to help users create, manage and share their professional identities online. A security vulnerability exists in MyTaag v.2024-11-24 and prior versions, which stems from a second factor activated via the /session endpoint...

5.1 CVSS · 6.7 AI score · 0.00251 EPSS
Exploits 1 · References 1

Debian
added 2025/02/03 8:14 a.m. · 10 views

[SECURITY] [DLA 4040-1] pam-u2f security update

Debian LTS Advisory DLA-4040-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 03, 2025 https://wiki.debian.org/LTS -...

7.3 CVSS · 6.7 AI score · 0.00397 EPSS
Exploits 0

CNNVD
added 2025/01/14 12:0 a.m. · 3 views

Yubico pam-u2f security vulnerability

Yubico pam-u2f is a pluggable authentication module for U2F and FIDO2 from Yubico. A security vulnerability exists in Yubico pam-u2f versions prior to 1.3.1 that stems from allowing authentication to be bypassed in certain configurations, where local elevation of privilege may occur...

7.3 CVSS · 8.9 AI score · 0.00397 EPSS
Exploits 0 · References 7

NVD
added 2024/11/12 5:15 p.m. · 22 views

CVE-2024-9999

In WSFTP Server versions before 8.8.9 2022.0.9, an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

6.5 CVSS · 0.00413 EPSS
Exploits 1 · References 2

CVE
added 2024/11/12 4:33 p.m. · 60 views

CVE-2024-9999

CVE-2024-9999 affects Progress WS_FTP Server prior to version 8.8.9 (2022.0.9). The root cause is an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing bypass of the second-factor verification and login with username and password only. Impact described i...

6.5 CVSS · 6.6 AI score · 0.00413 EPSS
Exploits 1 · References 2

Cvelist
added 2024/11/12 4:33 p.m. · 103 views

CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WSFTP Server versions before 8.8.9 2022.0.9, an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

6.5 CVSS · 0.00413 EPSS
Exploits 1 · References 2

CNNVD
added 2024/11/12 12:0 a.m. · 2 views

Progress Software WS_FTP Server security vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.9 that stems from an incorrect implementation of the authentication algorithm in the Web Transfer...

6.5 CVSS · 6.8 AI score · 0.00413 EPSS
Exploits 1 · References 3

OSV
added 2024/11/04 1:17 p.m. · 2 views

CVE-2024-51561

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process...

7.5 CVSS · 5.8 AI score · 0.00518 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/11/04 12:0 a.m. · 4 views

PT-2024-34705 · Aero · Aero

Name of the Vulnerable Software and Affected Versions: Aero affected versions not specified
Description: This issue exists due to improper implementation of the OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this by intercepting and manipulating...

9.3 CVSS · 7 AI score · 0.00518 EPSS
Exploits 0 · References 7

Cvelist
added 2024/08/28 4:31 p.m. · 21 views

CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WSFTP Server versions before 8.8.8 2022.0.8, a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

6.5 CVSS · 0.00365 EPSS
Exploits 0 · References 2

CNNVD
added 2024/08/28 12:0 a.m. · 4 views

Progress Software Ipswitch WS_FTP Server security vulnerability

Progress Software Ipswitch WSFTP Server is a suite of FTP server software from Progress Software, Inc. that provides file transfer control, transfer encryption, and other features. A security vulnerability exists in Progress Software Ipswitch WSFTP Server versions prior to 8.8.8. An attacker can...

8.1 CVSS · 6.7 AI score · 0.00365 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/08/28 12:0 a.m. · 5 views

PT-2024-38553 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.8
Description: A missing critical step in the multi-factor authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

8.1 CVSS · 7.4 AI score · 0.00365 EPSS
Exploits 0 · References 8

Rosalinux
added 2024/07/23 11:31 a.m. · 17 views

Advisory ROSA-SA-2024-2456

Software: selinux-policy 3.14.3
OS: ROSA Virtualization 2.1
packageevrstring: selinux-policy-3.14.3
CVE-ID: CVE-2020-24612
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...

6.7 CVSS · 7.3 AI score · 0.00317 EPSS
Exploits 0

The Hacker News
added 2024/07/15 7:19 a.m. · 23 views

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and the...

7.6 AI score
Exploits 0

NVD
added 2024/07/09 4:15 p.m. · 5 views

CVE-2023-40702

PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...

7.7 CVSS · 0.00401 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/07/09 3:38 p.m. · 18 views

CVE-2023-40356 PingOne MFA Integration Kit MFA bypass

PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...

8.7 CVSS · 6.6 AI score · 0.00401 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/06/21 12:0 a.m. · 4 views

PT-2024-5353 · Securepoint · Securepoint Utm

Name of the Vulnerable Software and Affected Versions: Securepoint UTM versions 11.5 through 12.6.4; Securepoint UTM Reseller Preview version 12.7.0
Description: The issue is related to the authentication system of Securepoint UTM, specifically with the handling of One-Time Password (OTP) keys. This...

10 CVSS · 7.5 AI score · 0.0091 EPSS
Exploits 0 · References 10

OSV
added 2024/06/10 12:15 p.m. · 1 views

UBUNTU-CVE-2024-28833

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...

7.5 CVSS · 5.8 AI score · 0.00392 EPSS
Exploits 0 · References 3

Veracode
added 2024/04/18 5:53 a.m. · 13 views

Incorrect Access Control

org.keycloak, keycloak-services is vulnerable to Incorrect Access Control. The vulnerability is due to inadequate validation of client step-up authentication in the Keycloak library. It allows a password-authenticated attacker to add a false second authentication factor to an account, enabling...

5 CVSS · 6.9 AI score · 0.00603 EPSS
Exploits 0

OSV
added 2024/04/17 5:31 p.m. · 0 views

GHSA-4F53-XH3V-G8X4 Keycloak secondary factor bypass in step-up authentication

Keycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication...

5 CVSS · 6 AI score · 0.00603 EPSS
Exploits 0 · References 9