CNNVD-202510-3543 Information

CNNVD ID

CNNVD-202510-3543

CVE-2025-61482

  • CNNVD Published: 2025-10-27

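Description (translated from Chinese)

privacyIDEA Authenticator is a login authentication application from the privacyIDEA organization. privacyIDEA Authenticator version 4.3.0 contains a security vulnerability that stems from improper handling of OTP/TOTP/HOTP values and may allow a local attacker to bypass two-factor authentication.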

Description (English)

privacyIDEA Authenticator is a login verification application from the privacyIDEA organization. Version 4.3.0 of privacyIDEA Authenticator has a security vulnerability caused by improper handling of OTP/TOTP/HOTP values, which may allow local attackers to bypass two-factor authentication.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

privacyIDEA

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/ReversecLabs/android-keystore-audit/blob/master/frida-scripts/tracer-cipher.js
https://svarthatt.se/cve/cve-2025-61482-pulling-otp-secrets-from-privacyidea-authenticator/
https://access.redhat.com/security/cve/cve-2025-61482
