Lucene search
K

47 matches found

NVD
NVD
added 2020/05/12 2:15 p.m.35 views

CVE-2020-10706

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via t...

6.6CVSS6.3AI score0.00128EPSS
Exploits0References1
seebug.org
seebug.org
added 2017/09/19 12:0 a.m.49 views

Moxa AWK-3131A Web Application Nonce Reuse Vulnerability(CVE-2016-8712)

Summary An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...

4.3CVSS8.3AI score0.01353EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2017/08/29 3:29 p.m.2 views

CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

5.9CVSS5.5AI score0.0125EPSS
Exploits0References4
NVD
NVD
added 2017/08/29 3:29 p.m.14 views

CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

5.9CVSS5.9AI score0.0125EPSS
Exploits0References3
Veracode
Veracode
added 2017/08/21 9:2 a.m.16 views

Unauthorized Extension Of Token Validity

simplesamlphp is vulnerable to having a token's validity period extended by an unauthorized party. The vulnerability is possible because there is a flaw in the calculateTokenValue function in TimeLimitedToken.php. The flaw allows an attacker to extend the prepended offset as much as needed to hit...

5.9CVSS6.4AI score0.0125EPSS
Exploits0References5Affected Software1
Hacker One
Hacker One
added 2014/11/18 2:53 p.m.60 views

Coinbase: New Device Confirmation, token is valid until not used.

New Device Confirmation token sends to the logged in user from unconfirmed device. Now If Click on Account or Settings or Profile email of new token will send to that person and same if user click multiple times, more and more confirmation emails user received. On each reload each confirmation...

6.8AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 2014/04/26 8:4 p.m.9 views

Authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a release 0.1.2, tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials...

7.4AI score
Exploits0Affected Software1
Rows per page
Query Builder