Lucene search
K

4 matches found

OSV
OSV
added 2026/05/18 3:35 p.m.6 views

GHSA-74R7-3MJM-JC5V eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check

Impact If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...

6.5CVSS5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2019/01/14 4:19 p.m.29 views

privacyIDEA Improper Input Validation vulnerability

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

7.5CVSS7.5AI score0.01675EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2018/10/08 3:29 p.m.12 views

Input validation

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

5CVSS7.5AI score0.01675EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2018/10/08 3:29 p.m.8 views

PYSEC-2018-20

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user== to /validate/check url. This vulnerability appears to have been fixed in 2.23.2...

7.5CVSS6.9AI score0.01675EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder