Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authenticator vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-6140
pam_google_authenticator.c in the PAM module in Google Authenticator prior to 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different v...
Google Authenticator 0.87
Google Authenticator 0.86
Google Authenticator
4.3
CVSSv3
CVE-2022-3994
The Authenticator WordPress plugin prior to 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations.
Authenticator Project Authenticator
9.8
CVSSv3
CVE-2013-10013
A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql ...
Authenticator Plugin Project Authenticator Plugin
7.1
CVSSv3
CVE-2024-21390
Microsoft Authenticator Elevation of Privilege Vulnerability
Microsoft Authenticator
1 Article
7.5
CVSSv3
CVE-2022-35290
Under certain conditions SAP Authenticator for Android allows an malicious user to access information which would otherwise be restricted.
Sap Authenticator
7.5
CVSSv3
CVE-2022-44589
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google A...
Miniorange Google Authenticator
4.8
CVSSv3
CVE-2022-1321
The miniOrange's Google Authenticator WordPress plugin prior to 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html i...
Miniorange Google Authenticator
4.3
CVSSv3
CVE-2022-0875
The Google Authenticator WordPress plugin prior to 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing malicious users to make a logged in admin change them and perform Cross-Site Scripting attacks
Miniorange Google Authenticator
8.8
CVSSv3
CVE-2023-1477
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: prior to 7.10.2, prior to 8.0.3.
Hypr Keycloak Authenticator
6.5
CVSSv3
CVE-2023-27895
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On suc...
Sap Authenticator 1.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »