7 matches found
TYPO3 Unverified Password Change for Backend Users
Problem: The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower th...
GHSA-3JRG-97F3-RQH9 TYPO3 Unverified Password Change for Backend Users
Problem: The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower th...
CVE-2023-3597 Keycloak: secondary factor bypass in step-up authentication
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication...
GHSA-4F53-XH3V-G8X4 Keycloak secondary factor bypass in step-up authentication
Keycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication...
PT-2024-12538 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw was found in the client step-up authentication mechanism, where it does not correctly validate authentication. This allows a remote user authenticated with a password to register a...
keycloak: secondary factor bypass in step-up authentication
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication...
keycloak: secondary factor bypass in step-up authentication
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication...