-
What?
Rework the way sessions are handled.
Assign new session IDs after authentication (log-ins).
Why?
Currently sessions are handled by storing username, password and isAdmin in a browser cookie. Th…
-
Using HTTP headers for authentication seems to make the Subsonic API unusable (unless I'm missing something).
It would be great if there was a way to create an "app password" to use with Subsonic cli…
-
Some of us run reverse proxies with middleware that takes care of authentication.
It would be nice if we could disable authentication or have a way to bypass the login.
I think LDAP would be kind o…
-
With this module, sign in works perfectly fine (both Active Directory and OTP). For single logout, SimpleSAMLphp does send a "success" logout message to service provider but when accessed the same URL,…
-
Hello,
this problem could affect quite a few wmic installations.
After security update KB5004442, Microsoft introduced some hardening changes in DCOM.
Today the hardening is optional but after …
-
- App version: 2.3.1
---
**Bug description:**
I noticed that the secret for generating JWTs when logging in is hardcoded in the [.env](https://github.com/pawelmalak/flame/blob/master/.env) file. Th…
-
Snyk scan shows this critical vulnerability in xmldom Improper Input Validation and proposed fixes:
**Introduced through**: cbioportal-frontend@3.3.274 › jspdf@1.5.3 › canvg@1.5.3 › xmldom@0.1.2…
-
```yaml
{
"id": 12,
"title": "RVD#12: Authentication bypass vulnerability in SoftBank's Pepper and NAO robots's web console",
"type": "vulnerability",
"description": " An authenti…
```
-
```yaml
{
"id": 729,
"title": "RVD#729: CMS-770 allows bypassing the user authentication and read read sensitive configuration files",
"type": "vulnerability",
"description": "The prod…
```
-
Hello, if I add a SPARQL endpoint into NSS, I won't be able to keep the authentication/authorization of Solid, because NSS uses a SPARQL store as backend and bypasses all authorization. Am I right?
If y…