OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse

Impact: OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One-Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes ...

OpenBao has a Timing Side-Channel in the Userpass Auth Method

Impact: When using OpenBao's userpass auth method, user enumeration was possible due to a timing difference between non-existent users and users with stored credentials. This is independent of wheth ...

OpenBao Userpass and LDAP User Lockout Bypass

Impact: Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user e ...

Privileged OpenBao Operator May Execute Code on the Underlying Host

Impact: Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. A ...

CVE-2020-9322

creation_timestamp | type | source
---|---|---
2025-08-08 16:10:32+00:00 | seen | ...

CVE-2025-46414 EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods i ...

CVE-2025-8749 Path traversal vulnerability in MiR robot software via API requests

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via ...
