Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authenticator vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-42461
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.
Miniorange Google Authenticator
8.8
CVSSv3
CVE-2023-1477
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: prior to 7.10.2, prior to 8.0.3.
Hypr Keycloak Authenticator
4.8
CVSSv3
CVE-2022-1321
The miniOrange's Google Authenticator WordPress plugin prior to 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html i...
Miniorange Google Authenticator
9.8
CVSSv3
CVE-2021-41194
FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions before 1.0.0 allows unauthorized access to any user's account if `c...
Jupyterhub First Use Authenticator
8.8
CVSSv3
CVE-2022-2385
A security issue exists in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Kubernetes Aws-iam-authenticator
1 Article
3.9
CVSSv3
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Sophos Intercept X
Sophos Authenticator
6.1
CVSSv3
CVE-2016-1177
The management screen in Falcon WisePoint 4.3.1 and previous versions and WisePoint Authenticator 4.1.19.22 and previous versions allows remote malicious users to conduct clickjacking attacks via unspecified vectors.
Falconsc Wisepoint Authenticator
Falconsc Wisepoint
4.8
CVSSv3
CVE-2022-1994
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin prior to 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Miniorange Login With Otp Over Sms\\, Email\\, Whatsapp And Google Authenticator
NA
CVE-2013-0258
The Google Authenticator login (ga_login) module 7.x prior to 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote malicious users to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
Google Authenticator Login Project Ga Login 7.x-1.2
Google Authenticator Login Project Ga Login 7.x-1.0
Google Authenticator Login Project Ga Login 7.x-1.1
5.3
CVSSv3
CVE-2023-45669
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented sign...
Webauthn4j Spring Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »