182 matches found
Weblate security vulnerability
Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12, which stems from a failure to rate-limit second-factor authentication and could lead to OTP guessing...
PT-2025-25574 · Weblate · Weblate
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.12. Description: The verification of the second factor was not subject to rate limiting, allowing an attacker with valid credentials to automate OTP guessing via the second factor endpoint. Recommendations: For...
CVE-2024-28833
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...
CVE-2024-9999
In WSFTP Server versions before 8.8.9 2022.0.9, an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
CVE-2025-47790
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
CVE-2025-47790
Nextcloud Server and Enterprise Server are affected by a session-handling bug that can skip the second-factor authentication after a successful login when remember_login_cookie_lifetime is set to 0 and the session times out. Affected versions: Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3...
Second factor not requested after session timeout
Nextcloud authorization issue vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud versions prior to 29.0.15, prior to 30.0.9, and prior to 31.0.3, which stems from a session...
One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063
This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent the same TFA token within a 30 second window. This vulnerability is mitigated by the fact that an attacker must obtain a valid...
DRUPAL-CONTRIB-2025-055
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings...
Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't invoke two-factor authentication (2FA) for the password reset option. This vulnerability is mitigated by the fact that an attacker must have access to the password reset link...
CVE-2025-25450
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint...
MyTaag security vulnerability
MyTaag is a digital business card platform from MyTaag, Inc. designed to help users create, manage and share their professional identities online. A security vulnerability exists in MyTaag v.2024-11-24 and prior versions, which stems from a second factor activated via the /session endpoint...
[SECURITY] [DLA 4040-1] pam-u2f security update
Debian LTS Advisory DLA-4040-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 03, 2025 https://wiki.debian.org/LTS -...