135 matches found
Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft
Google has announced the introduction of Device Bound Session Credentials DBSC to secure Chrome users against cookie theft. In January we reported how hackers found a way to gain unauthorized access to Google accounts, bypassing multi-factor authentication MFA, by stealing authentication cookies...
Insufficient Session Expiration
getkirby/cms is vulnerable to Insufficient Session Expiration. The vulnerability exists because web sessions are not properly expired which permits an attacker to reuse old session credentials or session IDs for authorization...
The vulnerability of the cloud platform for protecting applications from unauthorized access by users and Cisco Duo devices for Mac OS, Windows, and RDP applications allows a intruder to replicate user session credentials and gain unauthorized access to the vulnerable device.
The vulnerability of the cloud platform for protecting applications from unauthorized users and Cisco Duo devices for Mac OS, Windows, and RDP applications relates to bypassing the authentication process by exploiting captured parameters during authentication attempts. Exploiting this vulnerabili...
Cisco Duo Authentication for macOS Logon Offline Credentials Replay (cisco-sa-duo-replay-knuNKd)
According to its self-reported version, Cisco Duo Authentication for macOS is affected by a vulnerability. A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker...
CVE-2023-20123
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...
CVE-2023-20123
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...
Design/Logic Flaw
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...
CVE-2023-20123
Cisco Duo for macOS and Duo Authentication for Windows Logon offline Credential replay vulnerability (CVE-2023-20123) allows an unauthenticated, physical attacker to replay previously used MFA codes because session credentials do not expire properly. Affected products include Cisco Duo on macOS a...
CVE-2023-20123 Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...
Cisco Duo 安全漏洞
Cisco Duo is a fully managed solution from Cisco, Inc. It provides secure access to your applications and data. A security vulnerability exists in Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP, which stems from session credentials that have not...
PT-2023-2213 · Cisco · Cisco Duo
Name of the Vulnerable Software and Affected Versions: Cisco Duo versions affected versions not specified Description: The issue is related to a vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication, which could allow an unauthenticated, physical attacker to replay valid...
Insufficient Session Expiration
Description Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. When handling sessions, web developers can rely either on server tokens or generate session identifiers within the application. Each session should...
Cockpit 代码问题漏洞
Cockpit is an interactive server management interface. An access control error vulnerability exists in Cockpit versions prior to 2.2.0 that stems from insufficient session expiration. An attacker could exploit the vulnerability to take control of an account using expired session credentials...
IBM Engineering Requirements Quality Assistant 跨站脚本漏洞
IBM Engineering Requirements Quality Assistant is a Watson AI-based software from IBM to assist developers in improving the quality of engineering requirements. All versions of IBM Engineering Requirements Quality Assistant are vulnerable to a cross-site scripting vulnerability that stems from a...
DEBIAN-CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-24042
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
Authorization
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
CVE-2022-24042
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
多款Siemens产品代码问题漏洞
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
CVE-2022-25014
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting XSS vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link...