Authentication Method Confusion

CodeChecker is vulnerable to Authentication Method Confusion. The vulnerability is due to insufficient account security, where the weakly generated root user account cannot be disabled, allowing attackers to exploit it through an external authentication service...

codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...

GHSA-FPM5-2WCJ-VFR7 codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...