Skip to main content

Authenticator

7 CVEs product

Monthly

CVE-2026-26123 MEDIUM PATCH This Month

Microsoft Authenticator contains an information disclosure vulnerability that allows local attackers to access sensitive data without requiring elevated privileges or user interaction beyond standard operation. The vulnerability stems from improper categorization of security controls, enabling unauthorized disclosure of confidential information on affected systems. No patch is currently available for this issue.

Microsoft Information Disclosure Authenticator
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54154 MEDIUM PATCH This Month

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later

Authentication Bypass Qnap Authenticator
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-45394 HIGH PATCH This Week

Authenticator is a browser extension that generates two-step verification codes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Authenticator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21390 HIGH PATCH This Week

Microsoft Authenticator Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Authenticator
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2023-27895 MEDIUM This Month

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Google Authenticator
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-35290 HIGH This Week

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Authenticator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2012-6140 LOW POC Monitor

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Google Authenticator
NVD
CVSS 2.0
1.9
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Authenticator contains an information disclosure vulnerability that allows local attackers to access sensitive data without requiring elevated privileges or user interaction beyond standard operation. The vulnerability stems from improper categorization of security controls, enabling unauthorized disclosure of confidential information on affected systems. No patch is currently available for this issue.

Microsoft Information Disclosure Authenticator
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later

Authentication Bypass Qnap Authenticator
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Authenticator is a browser extension that generates two-step verification codes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Authenticator
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Microsoft Authenticator Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Authenticator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Google +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP +1
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Google Authenticator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy