Vulmon
authenticator vulnerabilities and exploits
5.4
CVSSv3
CVE-2020-35509
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
Redhat Keycloak 12.0.0
Redhat Keycloak 11.0.3
7.5
CVSSv3
CVE-2020-27178
Apereo CAS 5.3.x prior to 5.3.16, 6.x prior to 6.1.7.2, 6.2.x prior to 6.2.4, and 6.3.x prior to 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.
Apereo Central Authentication Service
Apereo Central Authentication Service 6.3.0
9.8
CVSSv3
CVE-2023-39979
There is a vulnerability in MXsecurity versions before 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
Moxa Mxsecurity
9.8
CVSSv3
CVE-2021-38299
Webauthn Framework 3.3.x prior to 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to log in to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence.
Spomky-labs Webauthn Framework
NA
CVE-2013-4178
The Google Authenticator login module 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.4 for Drupal allows remote malicious users to obtain access by replaying the username, password, and one-time password (OTP).
Google Authenticator Login Project Ga Login 6.x-1.1
Google Authenticator Login Project Ga Login 7.x-1.0
Google Authenticator Login Project Ga Login 7.x-1.1
Google Authenticator Login Project Ga Login 7.x-1.2
Google Authenticator Login Project Ga Login 6.x-1.0
Google Authenticator Login Project Ga Login 6.x-1.x
Google Authenticator Login Project Ga Login 7.x-1.3
NA
CVE-2023-44039
In VeridiumID prior to 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account.
8.8
CVSSv3
CVE-2022-2193
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated malicious users to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions before 6...
Hypr Hypr Server
NA
CVE-2013-4177
The Google Authenticator login module 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote malicious users to bypass the two-factor authentication requirement via unspecified vectors.
Google Authenticator Login Project Ga Login 6.x-1.0
Google Authenticator Login Project Ga Login 7.x-1.0
Google Authenticator Login Project Ga Login 6.x-1.x
Google Authenticator Login Project Ga Login 7.x-1.1
Google Authenticator Login Project Ga Login 7.x-1.3
Google Authenticator Login Project Ga Login 6.x-1.1
Google Authenticator Login Project Ga Login 7.x-1.2
6.1
CVSSv3
CVE-2019-0234
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade ...
Apache Roller 5.2.1
Apache Roller 5.2.0
Apache Roller 5.2.2
NA
CVE-2010-3321
RSA Authentication Client 2.0.x, 3.0, and 3.5.x prior to 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspe...
Rsa Authentication Client 2.0
Rsa Authentication Client 3.0
Rsa Authentication Client 3.5.1