SimpleHelp vulnerability exposes servers to rogue remote support accounts

A critical vulnerability in SimpleHelp, known as CVE-2026-48558, lets hackers create rogue remote support accounts and gain privileged access to servers, allowing them to execute scripts and wreak havoc on your system. This gaping security hole enables unauthenticated attackers to bypass multi-factor authentication and log in as a…

https://osintsights.com/simplehelp-vulnerability-exposes-servers-to-rogue-remote-support-accounts?utm_source=mastodon&utm_medium=social

#Cve202648558 #OpenidConnect #Oidc #MfaBypass #Vulnerability

One Open-source Project Daily

Simple, unobtrusive authentication for Node.js.

https://github.com/jaredhanson/passport

#1ospd #opensource #express #nodejs #oauth #oauth2 #openid #openidconnect #passport #saml

🌟 LemonLDAP::NG 2.23 released!

ℹ️ Improvements on CAS/SAML/OIDC, on 2FA management, hooks, Crowdsec and configuration

➡️ https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-23-0-is-out/

@ow2 @PerlRakuFoundation

#IAM #SSO #CAS #SAML #OpenIDConnect #OpenSource #LogicielLibre #Perl

foojay – a place for friends of OpenJDK

foojay is the place for all OpenJDK Update Release Information. Learn More.

foojay
Using configurable token lifetimes in Microsoft Entra ID, .NET and Microsoft Graph

Configurable token lifetimes in the Microsoft identity platform went GA and I thought I would look at implementing this using a .NET console application using Microsoft Graph. This article looks a…

Software Engineering

blogged: How I authenticate users with OIDC Access Tokens and track their sessions without a user database.

https://www.benjamin-schieder.de/blog/2026/04/29/secure-stateless-token-authentication.html

#blog #blogged #rss #OpenIDConnect

Secure stateless token authentication

How I store an OIDC access token client-side without disclosing it to the user

By the way, I set up an Authentik instance just so I could use Tailscale with my own OpenID Connect provider, because I didn't feel like dealing with a Google account, Microsoft account, or anything like that xD

#openidconnect #authentik #tailscale

SAML 2.0 is a secure, proven way to enable authentication.

DigiD, eHerkenning and eIDAS are built on it, and millions of logins take place every day on the basis of this technology.

Still, SAML is not ideal, both technically and in terms of user-friendliness.

At its core, SAML was designed for browser-based SSO, not for things like API security.

There is a standard that does this more intuitively: OpenID Connect.

#openidconnect #saml #digid

"We want to authenticate our end-users through the Client Credentials flow, because it's easier to use!"

So sick and fucking tired of that statement.

#IDM #CIAM #OpenIDConnect #OIDC