Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an att ...
Continue Reading18 августа, 2022
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5526-2 advisory. Note that Nessus has not tested for this issue but has instead re ...
Continue Reading18 августа, 2022
USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize f ...
Continue Reading16 августа, 2022
# Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ? v2.2.1 allowing attacker to bypass the 2FA code. # Proof of Concept 1.Login with your ...
Continue Reading12 августа, 2022
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory. - minimist: prototype pollution (CVE-2021 ...
Continue Reading09 августа, 2022
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...
Continue Reading04 августа, 2022
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 is a ...
Continue Reading03 августа, 2022
Golang implementation of json web tokens (jwt).Read More ...
Continue Reading30 июля, 2022
Back to Main