27 matches found

RedHat Linux
added 2022/12/13 2:04 p.m. · 4 views

keycloak: Session takeover with OIDC offline refresh tokens

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more, especially if cookies are not cleared, due to a lack of root session validation and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

CVSS 6.8 · AI score 6.3 · EPSS 0.00952
Exploits: 0 · References: 4
RedHat Linux
added 2022/12/13 2:02 p.m. · 5 views

keycloak: Session takeover with OIDC offline refresh tokens

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more, especially if cookies are not cleared, due to a lack of root session validation and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

CVSS 6.8 · AI score 6.3 · EPSS 0.00952
Exploits: 0 · References: 4
RedhatCVE
added 2022/11/09 6:25 p.m. · 40 views

CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more, especially if cookies are not cleared, due to a lack of root session validation and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

CVSS 6.8 · AI score 3.4 · EPSS 0.00952
Exploits: 0 · References: 3
Hacker One
added 2018/01/23 9:10 p.m. · 52 views

Khan Academy: CSRF token fixation and potential account takeover

Hi Team, Details: I have found that the CSRF token `fkey` parameter, which prevents CSRF attacks, is fixed in the same browser and doesn't change even when the user logs in or out; a lot of users can use the same CSRF token. This can be exploited in 2 ways: Shared computers: - attacker opens...

AI score 1.3
Exploits: 0
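The token-fixation pattern the report above describes (one CSRF token per browser that survives login and logout) is shown next to a hardened variant in the following added example. This is illustrative code written for this page, not code from the report or from Khan Academy; the class names, the `fixation_replay` helper and the `SERVER_SECRET` constant are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret used to derive CSRF tokens; a real deployment
# would load it from configuration rather than generate it at import time.
SERVER_SECRET = secrets.token_bytes(32)


class VulnerableCsrf:
    """Pattern from the report: one token per browser, kept in a cookie and
    never rotated, so the same value is valid before login, while logged in
    and after logout."""

    def __init__(self):
        self._cookie_token = None
        self.user = None

    def current_token(self):
        if self._cookie_token is None:
            self._cookie_token = secrets.token_hex(16)
        return self._cookie_token

    def login(self, user):
        self.user = user
        return self.current_token()  # token unchanged across login

    def logout(self):
        self.user = None
        return self.current_token()  # token unchanged across logout

    def verify(self, submitted):
        return hmac.compare_digest(submitted, self.current_token())


class HardenedCsrf:
    """Token is an HMAC over the current session id, and the session id is
    regenerated on login and logout, so a token observed or planted before
    login is useless against the authenticated session."""

    def __init__(self):
        self._session_id = secrets.token_hex(16)  # anonymous session
        self.user = None

    def _rotate_session(self):
        self._session_id = secrets.token_hex(16)

    def current_token(self):
        return hmac.new(SERVER_SECRET, self._session_id.encode(),
                        hashlib.sha256).hexdigest()

    def login(self, user):
        self._rotate_session()  # new session id, therefore a new CSRF token
        self.user = user
        return self.current_token()

    def logout(self):
        self.user = None
        self._rotate_session()  # the token issued while logged in stops validating
        return self.current_token()

    def verify(self, submitted):
        return hmac.compare_digest(submitted, self.current_token())


def fixation_replay(csrf_cls):
    """Shared-computer scenario from the report: the attacker reads the token
    while the browser is logged out, the victim then logs in on the same
    browser, and the attacker submits a request carrying the old token.
    Returns True if that request passes the CSRF check."""
    browser = csrf_cls()
    planted = browser.current_token()   # attacker notes the pre-login token
    browser.login("victim")             # victim authenticates on the same browser
    return browser.verify(planted)      # replay against the victim's session
```

`fixation_replay(VulnerableCsrf)` returns True and `fixation_replay(HardenedCsrf)` returns False. Deriving the token from the session id rather than storing it separately means the token rotates exactly when the session does, which is the property the report says was missing.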
Hacker One
added 2015/01/25 1:05 a.m. · 24 views

Vimeo: Full account takeover via Add a New Email to account without email verified and without password confirmation.

Description: This is especially important if the application is commonly used on shared computers such as cyber cafes or airport terminals. Bug: Add a new email to the account without the email being verified and without password confirmation when the user leaves the email open, leading to theft of the account. In less...

Exploits: 0
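The two missing controls named in the report above (password confirmation before a sensitive change, and verification of the new address before it becomes the account's email) are shown in the following added example alongside the reported behaviour. This is illustrative code written for this page, not Vimeo's code or the reporter's; the `Account` class, the function names and the PBKDF2 parameters are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets


class Account:
    """Minimal constructed account: one primary email, a salted password hash,
    and a staging area for an email change that has not been verified yet."""

    def __init__(self, email, password):
        self.email = email
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self.pending_email = None
        self._pending_token_hash = None

    def _hash(self, password):
        # Hypothetical iteration count; tune to the deployment's latency budget.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def check_password(self, password):
        return hmac.compare_digest(self._pw_hash, self._hash(password))


def vulnerable_change_email(account, new_email):
    """Reported behaviour: anyone at the already-logged-in browser can swap the
    primary address with no re-authentication and no verification."""
    account.email = new_email


def request_email_change(account, new_email, password_confirmation):
    """Hardened flow, step 1: re-authenticate, then stage the change. Returns the
    single-use token that would be mailed to new_email; only its hash is stored,
    so a database read alone does not let an attacker complete the change."""
    if not account.check_password(password_confirmation):
        raise PermissionError("password confirmation failed")
    token = secrets.token_urlsafe(32)
    account.pending_email = new_email
    account._pending_token_hash = hashlib.sha256(token.encode()).digest()
    return token


def confirm_email_change(account, token):
    """Hardened flow, step 2: the primary email changes only when the holder of
    the new mailbox presents the token. Returns True on success."""
    if account._pending_token_hash is None:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, account._pending_token_hash):
        return False
    account.email = account.pending_email
    account.pending_email = None
    account._pending_token_hash = None  # token is single-use
    return True
```

In the hardened flow an attacker sitting at the victim's open session is stopped twice: they do not know the password, and even if the change were staged they cannot read the mailbox that receives the token. The pending address is also kept separate from the primary one so account recovery keeps working while the change is unconfirmed.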
Kitploit
added 2014/01/23 6:58 a.m. · 28 views

[Firefox Password Remover v1.5] Firefox Website Login Password Removal Tool

Firefox Password Remover is a free tool to quickly remove the stored website login passwords from Firefox. You can either remove selected ones or all of the stored passwords from the Firefox sign-on database. One of the unique features of this tool is that it allows you to remove the website...

AI score 7
Exploits: 0
Kitploit
added 2013/11/13 9:09 p.m. · 196 views

[Firefox Password Remover] Firefox Website Login Password Removal Tool

Firefox Password Remover is a free tool to quickly remove the stored website login passwords from Firefox. You can either remove selected ones or all of the stored passwords from the Firefox sign-on database. One of the unique features of this tool is that it allows you to remove the website...

AI score 7
Exploits: 0