Description:privacyIDEA Authenticator for Android version 4.3.0 allows recovery of enrolled OTP/TOTP/HOTP secret seeds through runtime hooking of cryptographic functions. On a rooted device, a local attacker can attach an instrumentation framework (such as Frida) to the app process and intercept cryptographic operations. During decryption routines, plaintext OTP seeds are present in memory and can be read directly from process buffers. This exposure enables an attacker with local privileged access to… Läs mer: CVE-2025-61482 – privacyIDEA Authenticator OTP Seed Disclosure

Description:MikroTik RouterOS through version 7.14.2 and SwOS through version 2.18 initialize the WebFig management interface with HTTP enabled by default and without automatic redirection to HTTPS. After a factory reset, the management UI including the login page and associated JavaScript loads entirely over cleartext HTTP. During authentication, the client-side script stores the username and password in window.sessionStorage and transmits credentials over port 80, allowing interception by any on-path attacker. Packet… Läs mer: CVE-2025-61481 – MikroTik RouterOS and SwOS WebFig Default HTTP Configuration Allows Credential Interception