6 matches found
CVE-2026-41263
CVE-2026-41263 affects Traefik’s BasicAuth middleware. A timing side-channel allows an attacker to enumerate valid usernames by measuring response times, because the constant-time fallback secret resolves to an empty string, causing the bcrypt check to short-circuit quickly. Vulnerable versions a...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contain security vulnerabilities. These vulnerabilities stem from variables used in the BasicAuth middleware for constant-time comparisons, which are...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...
PT-2026-36179
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the StripPrefixRegex middleware when used with ForwardAuth, BasicAuth, or DigestAuth. The...