14 matches found

OSV
added 2026/04/10 3:30 p.m., 2 views

GHSA-8JVC-MCX6-R4CG Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path

Summary: The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details: The OIDC callback...

CVSS 7.4, AI score 5.9, EPSS 0.00281
Exploits: 1, References: 6
CNNVD
added 2026/04/10 12:00 a.m., 6 views

Vikunja Authorization Vulnerability

Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.3.0 had an authorization vulnerability. This vulnerability stemmed from the OIDC callback handler, which issued full JWT tokens without checking whether the matching user had enabled TOTP two-factor...

CVSS 9.1, AI score 5.8, EPSS 0.00281
Exploits: 1, References: 1
EUVD
added 2026/04/09 3:35 p.m., 4 views

EUVD-2026-20908

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

AI score 7.1, EPSS 0.00417
Exploits: 0, References: 2
Vulnrichment
added 2026/04/09 2:27 p.m., 4 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

AI score 5.8, EPSS 0.00417
Exploits: 0, References: 1
OSV
added 2025/10/29 10:21 p.m., 4 views

GHSA-XRW9-R35X-X878 Zitadel allows brute-forcing authentication factors

Summary: A vulnerability in Zitadel allowed a brute-force attack on OTP, TOTP and password, allowing an attacker to impersonate the attacked user. Impact: An attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like...

CVSS 7.7, AI score 6.9, EPSS 0.00353
Exploits: 0, References: 5
Github Security Blog
added 2025/10/29 10:21 p.m., 7 views

Zitadel allows brute-forcing authentication factors

Summary: A vulnerability in Zitadel allowed a brute-force attack on OTP, TOTP and password, allowing an attacker to impersonate the attacked user. Impact: An attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like...

CVSS 9.8, AI score 6.9, EPSS 0.00353
Exploits: 0, References: 5, Affected Software: 2
Veracode
added 2025/10/27 9:24 a.m., 7 views

Improper Authentication

com.liferay, com.liferay.multi.factor.authentication.timebased.otp.web is vulnerable to improper authentication. The vulnerability is due to the reuse of time-based one-time passwords (TOTP) within their validity period, which allows an attacker with access to a user’s TOTP to authenticate as that...

CVSS 6.5, AI score 7, EPSS 0.00165
Exploits: 0, References: 4, Affected Software: 1
RedhatCVE
added 2025/08/11 2:30 a.m., 11 views

CVE-2025-55003

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to...

CVSS 5.7, AI score 6.7, EPSS 0.00187
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 7:35 p.m., 6 views

CVE-2021-29041

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...

CVSS 6.5, AI score 6.7, EPSS 0.01148
Exploits: 0, References: 1
OSV
added 2024/04/25 11:53 p.m., 15 views

CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...

CVSS 6.5, AI score 7.8, EPSS 0.00456
Exploits: 0, References: 4
RubySec
added 2024/01/11 9:00 p.m., 16 views

Devise-Two-Factor vulnerable to brute force attacks

Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password (TOTP) algorithm's inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. Impact: If a...

AI score 7.7
Exploits: 0, References: 1, Affected Software: 1
Github Security Blog
added 2022/05/24 7:02 p.m., 16 views

Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other...

CVSS 6.5, AI score 6.7, EPSS 0.01148
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/05/20 7:30 p.m., 24 views

CVE-2022-29185 Observable Timing Discrepancy in totp-rs

totp-rs is a Rust library that permits the creation of 2FA authentication tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theoretically be used to guess the value of a TOTP token, and thus reuse it in the same time window. The...

CVSS 4.2, AI score 4.9, EPSS 0.00789
Exploits: 0, References: 5
ThreatPost
added 2012/08/27 3:27 p.m., 7 views

Looking to Bolster Security, Dropbox Adds Two-Factor Authentication

Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts. The added layer of security is currently...

AI score 0.7
Exploits: 0, References: 11