27 matches found
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
CVE-2022-3916
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
Khan Academy: CSRF token fixation and potential account takeover
Hi Team, Details: I have found that the csrftoken fkey parameter which prevent CSRF attacks is fixed in same browser and didn't changed even user login or logout , a lot of users can use the same CSRFtoken , this can be exploited such 2 ways : Shared computers: - attacker open...
Vimeo: Full account takeover via Add a New Email to account without email verified and without password confirmation.
Description : This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals Bug : Add a New Email to account without email verified and without password confirmation when the leaves open email ,Leading to the theft of account In less...
[Firefox Password Remover v1.5] Firefox Website Login Password Removal Tool
Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox. You can either remove selected ones or all of the stored passwords from the Firefox sign-on database. One of the unique feature of this tool is that it allows you to remove the website...
[Firefox Password Remover] Firefox Website Login Password Removal Tool
Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox. You can either remove selected ones or all of the stored passwords from the Firefox sign-on database. One of the unique feature of this tool is that it allows you to remove the website...