GHSA-4FWJ-M62Q-PP47 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...
CVE-2024-56733
CVE-2024-56733 affects Password Pusher (versions ≤ 1.50.3). A vulnerability allows an attacker to copy the session cookie before logout, potentially enabling session hijacking until the token expires or is cleared. Root cause centers on accessing an active session cookie (e.g., MITM, XSS, or loca...
CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
PT-2024-4160
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software, affected versions not specified; Cisco Firepower Threat Defense (FTD) Software, affected versions not specified. Description: A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for...
CVE-2023-26451
Functions with insufficient randomness were used to generate authorization tokens of the integrated OAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users' accounts...
The vulnerability of the WS-UsernameToken authentication mechanism in Dahua cameras, related to the possibility of intercepting ONVIF requests. Exploiting this vulnerability could allow a malicious actor to gain full access to the IP camera.
The vulnerability of the WS-UsernameToken authentication mechanism in Dahua IP cameras lies in the ability to intercept ONVIF requests. Exploiting this vulnerability could allow a malicious actor to gain full access to the IP camera...
The vulnerability of the CGI program of the Zyxel NBG6604 switch, related to incorrect session duration, allows attackers to gain access to the device.
The vulnerability of the CGI program of the Zyxel NBG6604 switch is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain access to the device by intercepting the authentication token...
CVE-2022-22690
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" or just "ApplicationUrl" is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the...
CVE-2021-35034
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...
CVE-2021-35034
Zyxel NBG6604 firmware CGI program has an insufficient session expiration vulnerability that can let a remote attacker access the device if the correct token is intercepted. Impact is unauthorized access via the network; exploitation is network-based with no user interaction. No explicit remediat...
MGASA-2021-0272 Updated guacd packages fix security vulnerabilities
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...
The vulnerability of the Microsoft Visual Studio Code Live Share Extension, related to the lack of data protection for service data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Visual Studio Code Live Share Extension relates to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by intercepting tokens from the client to...
CVE-2020-7503
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 firmware version 1.5.2 and older which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted...
Instagram Block - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-037
This module enables you to authenticate with Instagram's API via an intermediary service, instagram.yanniboi.com. The module doesn't sufficiently advise that your authentication tokens could be intercepted. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in...
Grindr for iOS Session Token Remote Password Manipulation Vulnerability
Grindr for iOS is a GPS-based mobile app. A security vulnerability in the Grindr for iOS reset password feature allows attackers to intercept session tokens, change email values, and reset passwords...