3 matches found
CVE-2023-37268
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been...
CVE-2023-37268
CVE-2023-37268 affects Warpgate, a Linux bastion host providing SSH/HTTPS/MySQL access. The issue allows an attacker to log in as another user when the attacker’s account uses SSO, enabling credential-forgery if the target account has no second factor. The root cause is an authorization flaw tied...
CVE-2023-37268 User login confusion with SSO in warpgate
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been...