14 matches found

CVE · added 4 days ago · 23 views

CVE-2026-47203

CVE-2026-47203 (Authelia) affects Authelia 4.38.0–4.39.19 where using Basic Auth on the authz verification endpoint exposes a bug: the username extracted from the Authorization header is passed to the ban/attempt regulation as-is, while LDAP binds are case-insensitive but regulation SQL lookups c...

CVSS 6.3 · AI score 6 · EPSS 0.00072
Exploits 0 · References 2
Cvelist · added 4 days ago · 16 views

CVE-2026-47203 Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth, i.e. via the Authorization header with the Basic scheme on t...

CVSS 6.3 · EPSS 0.00072
Exploits 0 · References 2
RedhatCVE · added 2026/06/05 7:44 p.m. · 7 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account...

CVSS 2.7 · AI score 5.4 · EPSS 0.00236
Exploits 0 · References 1
NVD · added 2026/06/02 4:16 p.m. · 29 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account...

CVSS 2.7 · EPSS 0.00236
Exploits 0 · References 2
Cvelist · added 2026/06/02 3:29 p.m. · 42 views

CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account...

CVSS 2.7 · EPSS 0.00236
Exploits 0 · References 2
CNNVD · added 2026/06/02 12:00 a.m. · 4 views

Klaw security vulnerability

Klaw is an open-source operating system tool developed by Aiven Open. Versions of Klaw prior to 2.10.4 contained security vulnerabilities. These vulnerabilities were due to inconsistent handling of username case sensitivity, which could lead to targeted denial-of-service attacks and complete...

CVSS 2.7 · AI score 5.3 · EPSS 0.00236
Exploits 0 · References 2
RedhatCVE · added 2026/01/09 9:55 a.m. · 7 views

CVE-2020-12812

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username...

CVSS 9.8 · AI score 9.7 · EPSS 0.49344
Exploits 0 · References 1
Positive Technologies · added 2025/12/30 12:00 a.m. · 5 views

PT-2025-54218

Name of the Vulnerable Software and Affected Versions: FortiOS (affected versions not specified). Description: A flaw in FortiOS allows bypassing of multi-factor authentication (MFA) through manipulation of username case. This issue is currently being exploited. The exploitation involves tricking the...

AI score 6.4
Exploits 0 · References 2
CVE · added 2025/01/22 5:02 p.m. · 765 views

CVE-2025-24399

CVE-2025-24399 affects the Jenkins OpenId Connect Authentication Plugin. The vulnerability arises because the plugin versions 4.452.v2849b_d3945fa_ and earlier (except 4.438.440.v3f5f201de5dc) treat usernames as case-insensitive, which on a Jenkins instance with a case-sensitive OpenID Connect pr...

CVSS 8.8 · AI score 6.8 · EPSS 0.0053
Exploits 0 · References 1 · Affected Software 1
Positive Technologies · added 2025/01/22 12:00 a.m. · 3 views

PT-2025-5357 · Jenkins · Jenkins Openid Connect Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenId Connect Authentication Plugin versions 4.452.v2849b_d3945fa_ and earlier, except version 4.438.440.v3f5f201de5dc. Description: The issue allows attackers to log in as any user by providing a username that differs only in letter...

CVSS 8.8 · AI score 7.1 · EPSS 0.0053
Exploits 0 · References 8
VulnCheck KEV · added 2021/04/02 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2020-12812

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to log in successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username...

CVSS 9.8 · AI score 7.4 · EPSS 0.49344
Exploits 0 · References 1
OSV · added 2020/07/24 11:15 p.m. · 3 views

CVE-2020-12812

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username...

CVSS 9.8 · AI score 7.5 · EPSS 0.49344
Exploits 0 · References 2
Positive Technologies · added 2020/07/13 12:00 a.m. · 3 views

PT-2020-6439

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0.0 through 6.0.9; FortiOS versions 6.2.0 through 6.2.3; FortiOS version 6.4.0. Description: An improper authentication issue exists in the SSL VPN functionality of FortiOS. This allows attackers to bypass two-factor...

CVSS 10 · AI score 10 · EPSS 0.49344
Exploits 0 · References 62
Tenable Nessus · added 2009/08/13 12:00 a.m. · 18 views

Fedora 11 : viewvc-1.1.2-2.fc11 (2009-8507)

CHANGES in 1.1.2: security fix: validate the 'view' parameter to avoid XSS attack; security fix: avoid printing illegal parameter names and values; add optional support for character encoding detection (issue 400); fix username case handling in svnauthz module (issue 419); fix cvsdbadmin/svnadm...

CVSS 5 · AI score 5.3 · EPSS 0.01771
Exploits 0 · References 6