29 matches found

SUSE CVE
added 2026/05/20 3:2 a.m. · 4 views

SUSE CVE-2025-6014

Vault and Vault Enterprise's “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5 CVSS · 5.9 AI score · 0.00169 EPSS
Exploits 0 · References 3

Veracode
added 2025/10/27 9:24 a.m. · 4 views

Improper Authentication

com.liferay, com.liferay.multi.factor.authentication.timebased.otp.web is vulnerable to improper authentication. The vulnerability is due to the reuse of time-based one-time passwords (TOTP) within their validity period, which allows an attacker with access to a user’s TOTP to authenticate as that...

6.5 CVSS · 7 AI score · 0.00043 EPSS
Exploits 0 · References 4 · Affected Software 1

CVE
added 2025/09/15 8:53 p.m. · 8 views

CVE-2025-43798

CVE-2025-43798 affects Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, and 7.4 GA up to update 92 (as well as 7.3 GA up to update 35). The issue is reuse of a time-based one-time password (TOTP) within its validity period, enabling an attacker who has a user’s TOTP to authenticate as that user. The c...

6.5 CVSS · 6.7 AI score · 0.00043 EPSS
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2025/08/25 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2017-11104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and...

5.9 CVSS · 6 AI score · 0.01978 EPSS
Exploits 1 · References 2

Veracode
added 2025/08/20 7:30 a.m. · 2 views

Authentication Bypass

github.com/hashicorp/vault is vulnerable to authentication bypass. The vulnerability is due to the TOTP Secrets Engine code validation endpoint allowing code reuse within its validity period, which allows an attacker to replay a previously valid code to gain unauthorized access...

6.5 CVSS · 7.6 AI score · 0.00169 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/08/01 6:15 p.m. · 2 views

CVE-2025-6014

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5 CVSS · 7.3 AI score
Exploits 0 · References 1

Github Security Blog
added 2024/07/25 5:58 p.m. · 18 views

Craft CMS Allows TOTP Token To Stay Valid After Use

Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. Impact: An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. A TOTP token can be used multiple times t...

7.5 CVSS · 6.5 AI score · 0.00258 EPSS
Exploits 0 · References 6 · Affected Software 1

Veracode
added 2024/06/11 6:7 a.m. · 9 views

Improper Authentication

born05/craft-twofactorauthentication is vulnerable to Improper Authentication. The vulnerability is due to improper checks to prevent TOTP tokens from being used multiple times within the validity period...

6.5 CVSS · 6.7 AI score · 0.00153 EPSS
Exploits 1 · References 6 · Affected Software 1

NVD
added 2024/01/19 11:15 p.m. · 10 views

CVE-2024-23332

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...

6.8 CVSS · 5.1 AI score · 0.00036 EPSS
Exploits 0 · References 2

Citrix
added 2023/06/27 12:0 a.m. · 6 views

How to Extend CA Validity Period and Renew FAS Certificates

This article is designed to describe how to extend CA Validity Period and renew FAS Certificates...

7.1 AI score
Exploits 0

Positive Technologies
added 2023/02/28 12:0 a.m. · 1 views

PT-2023-19303 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 3.8.0. Description: The issue concerns the refresh token in vantage6, a privacy-preserving federated learning infrastructure, which is currently valid indefinitely. This is considered bad security practice. The refre...

8.8 CVSS · 8.5 AI score · 0.00283 EPSS
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 4:43 a.m. · 1 views

SUSE CVE-2017-11104

Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check...

5.9 CVSS · 7.1 AI score · 0.01978 EPSS
Exploits 1 · References 8

SUSE CVE
added 2023/02/15 4:37 a.m. · 1 views

SUSE CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

7.4 CVSS · 7 AI score · 0.00694 EPSS
Exploits 0 · References 5

Kitploit
added 2022/01/22 8:30 p.m. · 29 views

Mandiant-Azure-AD-Investigator - PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity

This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are "high-fidelity" indicators of compromise, while other artifacts are so called "dual-use" artifacts. Dual-use artifacts may be related to thre...

7.2 AI score
Exploits 0 · References 4

OpenVAS
added 2020/11/20 12:0 a.m. · 4 views

GaussDB Kernel: Configuring the Validity Period of User Roles

During role creation, the keyword VALID BEGIN is used to set the role validity start time and VALID UNTIL to set the end time. If these two keywords are not set, roles are permanently valid. The role expiration time on each node in the GaussDB Kernel cluster depends on the OS clock on each node...

7.2 AI score
Exploits 0

Tenable Nessus
added 2019/01/08 12:0 a.m. · 503 views

SSL Certificate Validity - Duration

The CA/Browser Forum has passed a resolution setting the maximum validity period for SSL/TLS subscriber certificates via ballot 193. Certificates issued after March 1, 2018 may not be valid longer than 825 days. Certificates issued after July 1, 2016 through March 1, 2018 may not be valid longer...

5.5 AI score
Exploits 0 · References 1

OSV
added 2017/11/16 5:29 p.m. · 0 views

UBUNTU-CVE-2017-16852

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1 CVSS · 7.1 AI score · 0.00315 EPSS
Exploits 0 · References 5

OSV
added 2017/11/16 5:29 p.m. · 0 views

UBUNTU-CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1 CVSS · 5.8 AI score · 0.00694 EPSS
Exploits 0 · References 5

OSV
added 2017/07/08 10:29 a.m. · 0 views

UBUNTU-CVE-2017-11104

Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check...

5.9 CVSS · 5.8 AI score · 0.01978 EPSS
Exploits 1 · References 5

Positive Technologies
added 2017/07/08 12:0 a.m. · 1 views

PT-2017-11743 · Cz.Nic +1 · Knot Dns +1

Name of the Vulnerable Software and Affected Versions: Knot DNS versions prior to 2.4.5; Knot DNS versions 2.5.x prior to 2.5.2. Description: The issue is related to a flaw in the TSIG protocol implementation. This flaw allows an attacker with a valid key name and algorithm to bypass TSIG...

5.9 CVSS · 5.5 AI score · 0.01978 EPSS
Exploits 1 · References 32