Lucene search
K

6 matches found

CVE
CVE
added 2026/04/30 8:39 p.m.40 views

CVE-2026-41263

CVE-2026-41263 affects Traefik’s BasicAuth middleware. A timing side-channel allows an attacker to enumerate valid usernames by measuring response times, because the constant-time fallback secret resolves to an empty string, causing the bcrypt check to short-circuit quickly. Vulnerable versions a...

6.3CVSS5.3AI score0.00369EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.13 views

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contain security vulnerabilities. These vulnerabilities stem from variables used in the BasicAuth middleware for constant-time comparisons, which are...

6.3CVSS5.8AI score0.00369EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/24 8:36 p.m.2 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/24 8:36 p.m.3 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/24 4:31 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-36179

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the StripPrefixRegex middleware when used with ForwardAuth, BasicAuth, or DigestAuth. The...

8.5CVSS5.8AI score0.00767EPSS
Exploits1References20
Rows per page
Query Builder