320 matches found
Coder's OIDC authentication allows email with partially matching domain to register
Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODEROIDCEMAILDOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider such as publi...
CVE-2024-23324
A flaw was found in the Envoy proxy. External authentication can be bypassed by downstream connections that use the PROXY protocol. Downstream clients can force invalid gRPC requests to send to extauthz, circumventing extauthz checks when failuremodeallow is set to true...
CVE-2024-25618
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...
Design/Logic Flaw
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...
CVE-2024-25618 External OpenID Connect Account Takeover by E-Mail Change in mastodon
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...
PT-2024-2727 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.18 Mastodon versions prior to 4.0.14 Mastodon versions prior to 4.1.14 Mastodon versions prior to 4.2.6 Description: The issue is related to the implementation of CAS, SAML, and OpenID Connect protocols in...
CVE-2024-23324
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to extauthz, circumventing extauthz checks when failuremodeallow is set to true. This issue has been addressed in...
CVE-2024-23324 Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to extauthz, circumventing extauthz checks when failuremodeallow is set to true. This issue has been addressed in...
The vulnerability of the SAP NetWeaver software integration platform and the SAP Web Dispatcher web dispatcher lies in the lack of proper input validation when querying an external authentication server. This allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the SAP NetWeaver software integration platform and the SAP Web Dispatcher web dispatcher is related to the lack of proper input validation when requesting external server authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...
CVE-2023-32338
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...
CVE-2023-32338
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...
CVE-2023-32338
CVE-2023-32338 affects IBM Sterling Secure Proxy and IBM Sterling External Authentication Server (versions 6.0.3 and 6.1.0). The root cause is storing user credentials in plain text, readable by a local user with container access. Reported impact is credential disclosure with high confidentiality...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...
"Not authorized to execute this command" error for External Authentication System User
After login ADC management GUI using local AD user, belowError message prompt: "2 errors encountered. Not authorized to execute this command show ns license Not authorized to execute this command show ns feature"...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerabl...
Cisco Modeling Labs External Authentication Bypass Vulnerability
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...
PT-2023-2555 · Cisco · Cisco Modeling Labs
Name of the Vulnerable Software and Affected Versions: Cisco Modeling Labs affected versions not specified Description: The issue is related to the external authentication mechanism of Cisco Modeling Labs, which can be exploited by an unauthenticated, remote attacker to access the web interface...
Citrix Hypervisor - Unable to join server to existing pool
Unable to join the server to pool. Error from xencenter: "The server was unable to contact your domain server to enable external authentication. Check that your settings are correct and a route to the server exists."...
Low: openvpn
Issue Overview: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...