7 matches found
CVE-2026-58399 @acastellon/auth has an authentication bypass via spoofable headers in validateToken()
@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for...
CVE-2026-58399
The CVE affects @acastellon/auth (authentication control for microservices). Versions
@acastellon/auth: Authentication bypass via spoofable headers in validateToken()
@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the TokenAuthenticator process. An attacker can determine valid usernames by measuring response time differences when submitting authentication requests with the X-AUTH-USER header. Remediation Upgrade kimai/kimai to...
PYSEC-2015-4
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...
PT-2015-4526 · Django +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Django versions 1.4.17 and earlier Django versions 1.6.x before 1.6.10 Django versions 1.7.x before 1.7.3 Description: The issue allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in a...
UBUNTU-CVE-2015-0219
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...