5 matches found
Incorrect Authorization
Overview: ec-cube/ec-cube is an e-commerce solution. Affected versions of this package are vulnerable to Incorrect Authorization in the admintwofactorauthset process. An attacker can gain unauthorized access to the administrative interface and perform actions such as viewing sensitive information ...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration due to unsafe settings for the second factor in 2FA. An attacker can bypass intended rate limiting by maintaining a valid session for an unusually long period and repeatedly attempting authentication...
DRUPAL-CONTRIB-2025-055
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings...
SUSE CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...
CVE-2021-25759
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user...