2 matches found
Nacos < 1.4.1 Authentication Bypass (CVE-2021-29441)
Binary data nacoscve-2021-29441.nbin...
GHSA-36HP-JR8H-556F Authentication Bypass
When configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HT...