Lucene search
+L

175 matches found

osv
osv
added 2021/05/26 12:15 a.m.1 views

DEBIAN-CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

6.8CVSS6.9AI score0.00333EPSS
Exploits0References1
prion
prion
added 2021/05/26 12:15 a.m.11 views

Design/Logic Flaw

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

4.6CVSS6.5AI score0.00333EPSS
Exploits0References5Affected Software2
ubuntucve
ubuntucve
added 2021/05/26 12:15 a.m.17 views

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

6.8CVSS6.8AI score0.00333EPSS
Exploits0References3
cvelist
cvelist
added 2021/05/25 11:40 p.m.21 views

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

6.7AI score0.00333EPSS
Exploits0References5
cve
cve
added 2021/05/25 11:40 p.m.198 views

CVE-2021-31924

Affected software: Yubico pam-u2f (PAM module for FIDO2/U2F) prior to version 1.1.1. Root cause: A logic issue in pam-u2f could bypass a PIN requirement when configured to require PIN and the application allows NULL as the PIN; pam-u2f then proceeds with FIDO2 authentication without PIN. This byp...

6.8CVSS6.3AI score0.00333EPSS
Exploits0References5Affected Software1
debiancve
debiancve
added 2021/05/25 11:40 p.m.17 views

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

6.8CVSS6.8AI score0.00333EPSS
Exploits0
alpinelinux
alpinelinux
added 2021/05/25 11:40 p.m.41 views

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

6.8CVSS6.5AI score0.00333EPSS
Exploits0
cnnvd
cnnvd
added 2021/05/25 12:0 a.m.15 views

Yubico pam-u2f 授权问题漏洞

Yubico pam-u2f is a portable authentication module for U2F. An authorization issue vulnerability exists in Yubico pam-u2f versions prior to 1.1.1, which stems from a logical issue with pam-u2f that could lead to a local PIN bypass depending on the application that pam-u2f is configured and used i...

6.8CVSS7AI score0.00333EPSS
Exploits0References8
nvd
nvd
added 2021/05/21 12:15 p.m.23 views

CVE-2020-12061

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...

9.8CVSS0.01853EPSS
Exploits1References4
prion
prion
added 2021/05/21 12:15 p.m.18 views

Code injection

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...

5CVSS9.2AI score0.01853EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2021/05/21 11:3 a.m.22 views

CVE-2020-12061

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...

9.3AI score0.01853EPSS
Exploits1References4
cve
cve
added 2021/05/21 11:3 a.m.51 views

CVE-2020-12061

The CVE-2020-12061 entry concerns Nitrokey FIDO U2F firmware up to version 1.1, where plain-text communication between the microcontroller and the secure element allows an attacker to eavesdrop on credentials and derive secrets stored in the microcontroller, enabling arbitrary manipulation of the...

9.8CVSS9.2AI score0.01853EPSS
Exploits1References4Affected Software1
threatpost
threatpost
added 2021/05/11 7:46 p.m.40 views

GitHub Prepares to Move Beyond Passwords

GitHub, the ubiquitous host for software development and version control and unfortunate target of a steady pitter-patter of attacks targeting the same, is now supporting security keys when using Git over SSH. In a post on Monday, GitHub security engineer Kevin Jones said that this is the next st...

5.8AI score
Exploits0References16
mmpc
mmpc
added 2021/04/22 4:0 p.m.43 views

Evolving beyond password complexity as an identity strategy

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned,...

7AI score
Exploits0
mssecure
mssecure
added 2021/04/22 4:0 p.m.49 views

Evolving beyond password complexity as an identity strategy

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned,...

7AI score
Exploits0
malwarebytes
malwarebytes
added 2021/03/22 9:33 p.m.34 views

How to enable Facebook’s hardware key authentication for iOS and Android

Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication 2FA than SMS which is vulnerable to SIM swap...

7AI score
Exploits0
nvd
nvd
added 2021/03/22 8:15 p.m.16 views

CVE-2021-25917

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...

4.8CVSS0.00621EPSS
Exploits0References2
osv
osv
added 2021/03/22 8:15 p.m.19 views

CVE-2021-25917

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...

4.8CVSS6.7AI score0.00621EPSS
Exploits0References2
prion
prion
added 2021/03/22 8:15 p.m.13 views

Cross site scripting

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...

3.5CVSS5.2AI score0.00621EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/03/22 7:36 p.m.24 views

CVE-2021-25917

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...

5.5AI score0.00621EPSS
Exploits0References2
Rows per page
Query Builder