6 matches found
CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
Authentication Bypass
Vault is vulnerable to authentication bypass. The vulnerability is due to insufficient enforcement of MFA login rate limits and TOTP token reuse, which allows an attacker to bypass MFA protections and reuse valid tokens for unauthorized access...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to validating the provided TOTP code during login MFA. An attacker can gain unauthorized access to sensitive data by bypassing internal rate limiting and reusing existing TOTP codes by including whitespace in the TOTP...
CVE-2013-5708
Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...
Cross site request forgery (csrf)
Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...