Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an att ...
Continue Reading
August 18, 2022
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an att ...
Continue Reading
August 18, 2022
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5526-2 advisory. Note that Nessus has not tested for this issue but has instead re ...
Continue Reading
August 18, 2022
USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize f ...
Continue Reading
August 16, 2022
# Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ? v2.2.1 allowing attacker to bypass the 2FA code. # Proof of Concept 1.Login with your ...
Continue Reading
August 12, 2022
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory. - minimist: prototype pollution (CVE-2021 ...
Continue Reading
August 09, 2022
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...
Continue Reading
August 04, 2022
Back to Main
