MidnightBSD

Advisories for vasco

CVE-2013-7292 LOW

VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vasco identikey_authentication_server 3.4
CVE-2015-7349 MEDIUM

Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vasco digipass -