14 matches found
CVE-2024-1524
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
CVE-2022-23721
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...
CVE-2020-7245
Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...
EUVD-2022-28657
Malicious code in bioql PyPI...
CVE-2024-53245 Information Disclosure due to Username Collision with a Role that has the same Name as the User
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard...
CVE-2024-53245 Information Disclosure due to Username Collision with a Role that has the same Name as the User
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard...
CVE-2022-23721
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...
CVE-2022-23721
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...
Design/Logic Flaw
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...
CVE-2022-23721 PingID integration for Windows login duplicate username collision.
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...
CVE-2022-23721 PingID integration for Windows login duplicate username collision.
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...
CVE-2022-23721
CVE-2022-23721 affects PingID integration for Windows login prior to version 2.9. The issue arises because the component does not handle duplicate usernames, enabling a username collision when two users with the same username are provisioned on the same machine at different times. Impact is descr...
Red Hat Keycloak security vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak suffers from a security vulnerability that originates from an attacker being able to register with a username that is the same...