Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.NACOS_CVE-2021-29441.NBINHistoryOct 26, 2021 - 12:00 a.m.
Nacos < 1.4.1 Authentication Bypass (CVE-2021-29441)
2021-10-2600:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
38
A change introduced in Nacos prior to 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.
Binary data nacos_cve-2021-29441.nbinRelated
github
github
Authentication Bypass
2021-04-27 20:09:17
nuclei
nuclei
Nacos <1.4.1 - Authentication Bypass
2021-04-28 04:54:36
gitlab
gitlab
Authentication Bypass by Spoofing
2021-04-27 00:00:00
Authentication Bypass by Spoofing
2021-04-27 00:00:00
githubexploit
githubexploit
Exploit for Authentication Bypass by Spoofing in Alibaba Nacos
2022-03-15 08:53:59
prion
prion
Authentication flaw
2021-04-27 21:15:00
cve
cve
CVE-2021-29441
2021-04-27 21:15:00
osv
osv
Authentication bypass for specific endpoint
2021-04-27 20:09:25
CVE-2021-29441
2021-04-27 21:15:07
Authentication Bypass
2021-04-27 20:09:17
thn
thn
Related for NACOS_CVE-2021-29441.NBIN