2 matches found
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the IsPasswordMatch function. An attacker can gain unauthorized access to accounts registered through OIDC by submitting the password "null" to the internal login endpoint, which results in a valid session...
Note Mark: OIDC-registered users authenticated by submitting password "null"
Summary IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...