
23 matches found

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2002-0238

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00189
Exploits: 0 | References: 4
Packet Storm News
added 2025/08/12 12:0 a.m. | views: 2

Secure Authentication Via Quantum Physical Unclonable Functions: a Review

Quantum Physical Unclonable Functions (QPUFs) offer a physically grounded approach to secure authentication, extending the capabilities of classical PUFs. This review covers their theoretical foundations and key implementation challenges, such as quantum memories and Haar-randomness, and...

AI score: 7.1
Exploits: 0
Github Security Blog
added 2025/06/19 12:30 p.m. | views: 5

Apache SeaTunnel: Unauthenticated insecure access

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attacks by submitting a job using RESTful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit a job. An attacker can set extra params in the MySQL URL to perform Arbitrary File Read and...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00117
Exploits: 0 | References: 6 | Affected Software: 2
CVE
added 2025/06/19 10:38 a.m. | views: 37

CVE-2025-32896

CVE-2025-32896 affects Apache SeaTunnel (

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00117
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/05/23 10:34 a.m. | views: 5

CVE-2024-46937

An improper access control IDOR vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server SAS 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. The is a brute-force attack on the...

CVSS: 9.1 | AI score: 7.2 | EPSS: 0.00489
Exploits: 0 | References: 1
NVD
added 2025/05/03 11:15 a.m. | views: 13

CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

CVSS: 5.3 | EPSS: 0.00632
Exploits: 1 | References: 10
CISA
added 2024/11/20 12:0 p.m. | views: 2

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticati...

AI score: 7.2
Exploits: 0 | References: 3
Wired Threat Level
added 2024/10/14 2:0 p.m. | views: 6

The War on Passwords Is One Step Closer to Being Over

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday...

AI score: 7.6
Exploits: 0
NVD
added 2024/09/16 1:15 p.m. | views: 16

CVE-2024-46937

An improper access control IDOR vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server SAS 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. The is a brute-force attack on the...

CVSS: 9.1 | EPSS: 0.00489
Exploits: 0 | References: 2
Vulnrichment
added 2024/09/16 12:0 a.m. | views: 17

CVE-2024-46937

An improper access control IDOR vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server SAS 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. The is a brute-force attack on the...

AI score: 7.1 | EPSS: 0.00489
Exploits: 0 | References: 2
Cvelist
added 2024/09/16 12:0 a.m. | views: 15

CVE-2024-46937

An improper access control IDOR vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server SAS 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. The is a brute-force attack on the...

EPSS: 0.00489
Exploits: 0 | References: 2
Positive Technologies
added 2024/07/09 12:0 a.m. | views: 3

PT-2024-4668

Name of the Vulnerable Software and Affected Versions: RADIUS Protocol (affected versions not specified); FreeRadius (affected versions not specified); Palo Alto Networks PAN-OS (affected versions not specified); eduMFA (prior version 2.2.0). Description: The RADIUS protocol under RFC 2865 is susceptible to...

CVSS: 9 | AI score: 9 | EPSS: 0.22611
Exploits: 2 | References: 158
The Hacker News
added 2023/06/08 11:28 a.m. | views: 34

How to Improve Your API Security Posture

APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even ta...

AI score: 7.5
Exploits: 0
FreeBSD
added 2023/06/08 12:0 a.m. | views: 14

gitea -- multiple issues

The Gitea team reports: Test if container blob is accessible before mounting. Set type="password" on all authtoken fields. Seen when migrating from other hosting platforms. Prevents exposing the token to screen capture/cameras/eyeballs. Prevents the browser from saving the value in its autocomplet...

AI score: 7
Exploits: 0 | References: 2
The Hacker News
added 2022/01/31 6:45 a.m. | views: 17

Researchers Use Natural Silk Fibers to Generate Secure Keys for Strong Authentication

A group of academics at South Korea's Gwangju Institute of Science and Technology (GIST) have utilized natural silk fibers from domesticated silkworms to build an environmentally friendly digital security system that they say is "practically unbreachable." "The first natural physical unclonable...

AI score: 7.3
Exploits: 0
Microsoft Malware Protection
added 2020/11/24 5:0 p.m. | views: 24

Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management

Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory (Azure AD) has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide. Earlier this year, my boss, Joy Chik, CVP of Identity Engineering, shared Microsoft’s guidin...

AI score: 7.7
Exploits: 0
OpenVAS
added 2019/12/13 12:0 a.m. | views: 16

SYS.1.2.2.A6

The goal of module SYS.1.2.2 is to secure Microsoft Windows Server 2012 and Microsoft Windows Server 2012 R2. The standard requirement Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify...

AI score: 7.3
Exploits: 0 | References: 1
CNVD
added 2015/12/31 12:0 a.m. | views: 1

Remote Command Execution Vulnerability in Service_path Parameter of Security Authentication Gateway of Shanghai Gale Software Co.

Gehl Secure Authentication Gateway provides digital-certificate-based authentication and data link encryption services for network applications. A remote command execution vulnerability exists in the servicepath parameter in the /api/query.php?getaction=log page of the Secure...

AI score: 8
Exploits: 0 | References: 1
Check Point Advisories
added 2005/09/01 12:0 a.m. | views: 0

GoToMyPC

...

AI score: 7
Exploits: 0
securityvulns
added 2004/08/19 12:0 a.m. | views: 30

IPSwitch Imail password decryption

Passwords are stored with reversible encryption as required for secure authentication...

AI score: 2.5
Exploits: 0 | References: 1 | Affected Software: 1