Authentication Bypass by Capture-replay vulnerability in Apache APISIX.
Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry.
This issue affects A
Authentication Bypass by Spoofing vulnerability in Apache APISIX.
The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.
This issue affects Apach
Improper Validation of Integrity Check Value vulnerability in Apache APISIX.
The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass.
This issue affects Apache APIS
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue
Improper Input Validation vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers.
This issue affects Apache APISIX:
Header injection vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.
This issue affects Apache APISIX: from 2.
Incorrect Authorization vulnerability in Apache APISIX.
An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different sou
Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.
This issue affects ANKA JPD-00028: before V.01.01.
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/co
A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.
Users are recommended to upgrade to version 2.4.67, which fixes thi
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` d
When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker can exploit this vulnerability to perform
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers ca
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints d
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft.
This issue
An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authent