47 matches found
Important: runfinch-finch
Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...
Important: containerd
Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
Linux Distros Unpatched Vulnerability : CVE-2026-39831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Verify method for FIDO/U2F security key types [email protected], sk-ssh- [email protected] did not check the User Presence flag. Signatur...
SUSE CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
EUVD-2026-31395
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
CVE-2026-39831
CVE-2026-39831 involves the Verify() method for FIDO/U2F security key types ([email protected], [email protected]) where the User Presence flag was not checked. This allowed signatures generated without physical user interaction to be accepted, enabling unattended use of...
GO-2026-5019 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where the Verify method does not check the presence flag of the user. This allows signatures generate...
PT-2026-42710
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The Verify method for FIDO/U2F security key types [email protected] and [email protected] failed to check the User Presence flag. This...
CVE-2022-33172
de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC...
CAHICHA: Computer Automated Hardware Interaction Test to Tell Computer and Humans Apart
As automation bot technology and Artificial Intelligence is evolving rapidly, conventional human verification techniques like voice CAPTCHAs and knowledge-based authentication are becoming less effective. Bots and scrapers with Artificial Intelligence AI capabilities can now detect and solve visu...
EUVD-2021-1997
Malware in sbrugna...
CVE-2021-38299
Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence...
ZITADEL 安全漏洞
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from username normalization leading to user presence...
SAP NetWeaver Server ABAP 安全漏洞
SAP NetWeaver Server ABAP is an application server from SAP Germany. An information disclosure vulnerability exists in SAP NetWeaver Server ABAP. The vulnerability stems from the server generating different responses depending on the presence or absence of a particular user, thereby disclosing...