authentication bypass Archives - Page 2 of 3

Pierluigi Paganini April 15, 2022

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass […]

Pierluigi Paganini January 19, 2022

Box flaw allowed to bypass MFA and takeover accounts

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported. Box develops and markets cloud-based content management, collaboration, and file-sharing tools for businesses. […]

Pierluigi Paganini October 07, 2021

PoC exploit for 2 flaws in Dahua cameras leaked online

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. A remote attacker can exploit both vulnerabilities […]

Pierluigi Paganini September 28, 2021

Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now!

Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro has released security patches to address a critical authentication bypass vulnerability, tracked as CVE-2021-36745, that affects the Trend Micro ServerProtect product. Trend Micro Server Protect offers comprehensive real-time protection for enterprise infrastructure, preventing them from being targeted by viruses, […]

Pierluigi Paganini June 12, 2021

CVE-2021-3560 flaw in polkit auth system service affects most of Linux distros

An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560, which is used on most Linux distros can allow an unprivileged attacker to get a root shell. “A flaw was found […]

Pierluigi Paganini September 02, 2020

MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

Researchers discovered multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Tenable published a research advisory for two vulnerabilities impacting the Magento Mass Import (MAGMI) plugin. The flaws were discovered by Enguerran Gillier of the Tenable Web Application Security Team. MAGMI is a Magento database […]

Pierluigi Paganini July 31, 2020

Cisco fixes critical and high-severity flaws in Data Center Network Manager

Cisco addressed critical and high-severity vulnerabilities affecting its Data Center Network Manager (DCNM) network management platform. Cisco addressed this week some critical and high-severity vulnerabilities impacting its Data Center Network Manager (DCNM) network management platform. One of the most security issues is a critical authentication bypass vulnerability, tracked as CVE-2020-3382. The vulnerability can allow a remote, unauthenticated attacker […]

Pierluigi Paganini February 22, 2019

WhatsApp fixes Face ID and Touch ID authentication bypass

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems. The security feature […]

Pierluigi Paganini January 04, 2019

Flaw in Skype for Android exposes photos and contacts

A security expert found a flaw in Skype for Android that could be exploited by an unauthenticated attacker to view photos and contacts, and even open links in the browser. Security expert Florian Kunushevci (19) discovered a vulnerability that allows an unauthenticated local attacker to view photos and contacts, and also to open links in […]

Pierluigi Paganini April 08, 2018

Auth0 authentication bypass issue exposed enterprises to hack

Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that exposed enterprises to hack. Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that could be exploited by attackers to access any portal or application which are using it for authentication. Auth0 implements a token-based authentication model for a […]