| layout | credit | timeline | alephid | date | title | severity | product | mitigation | references | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
vuln |
|
|
ALEPH-2014011 |
2014-12-03 |
VASCO MyDigipass OAuth Unverified Email Social Login Bypass |
high |
|
VASCO MyDigipass is now patched. |
|
VASCO MyDigipass supplied the account’s email addresses as part of the social login authentication process even when the user’s ownership of this email address had not been positively verified. This allowed for a social login attack as detailed in the paper.