Duplicate setup of second factor allowed (NC-SA-2020-006)

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login...

Protect against BlueKeep

Worms are the cause of many cyber headaches. They can easily replicate themselves to spread malicious malware to other computers in your network. As the field responders providing Microsoft enterprise customers with onsite assistance to serious cybersecurity threats, our Detection and Response Te...

2FA Authentication Bypass

github.com/go-gitea/gitea is vulnerable to 2FA authentication bypass. 1FA authentication is performed for 2FA-enrolled users, allowing attackers who have obtained user credentials to gain access to the API without requiring the one-time password for the second factor authentication...

CVE-2019-6481

Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...

Design/Logic Flaw

Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...

CVE-2019-6481

Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...

CVE-2019-6481

Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...

CVE-2019-6481

CVE-2019-6481 affects Abine Blur 7.8.2431 via the Affected Chrome Plugin component, enabling a remote attacker to bypass second‑factor authentication by using a right‑click sequence to access a forgotten dev menu to insert user passwords that would normally require MFA approval. This mirrors the ...

Nextcloud Server Privilege Authentication Vulnerability (CNVD-2019-18774)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform.Nextcloud Server is one of the server version. A privilege validation vulnerability exists in versions of Nextcloud Server prior to 14.0.0 that can be exploited by an attacker to bypa...

Nextcloud Server < 14.0.0 Multiple Vulnerabilities (NC-SA-2018-011, NC-SA-2018-012, NC-SA-2018-014) - Linux

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Design/Logic Flaw

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)

Missing state would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

Google 'Titan Security Key' Is Now On Sale For $50

Google just made its Titan Security Key available on its store for $50. First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication 2FA for online accounts with the highest...

Nextcloud Server Security Bypass Vulnerability (Aug 2018)

Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Titan Security Keys – Google launches its own USB-based FIDO U2F Keys

At Google Cloud Next '18 convention in San Francisco, the company has introduced Titan Security Keys —a tiny USB device, similar to Yubico's YubiKey, that offers hardware-based two-factor authentication for your online accounts with the highest level of protection against phishing attacks. These...

DUO-PSA-2014-004: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2014-004 Original Publication Date: 2014-02-12 Revision Date: 2014-03-27 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in which it is possible to bypass second factor authentication of multisite...

Apple Patent Links Power Cord To Password Recovery

The filing, 20120005747A1, describes a method for storing a password recover secret on a peripheral device, including a power adapter. The development would, in essence, turn power cords and other peripherals into a second factor that would make it harder for thieves to gain access to devices the...