3 matches found
CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-46249
CVE-2023-46249 affects authentik (open-source Identity Provider). Before 2023.8.4 and 2023.10.2, if the default admin user is deleted, an attacker may set the default admin password without authentication via the initial-setup flow and a blueprint that can read an environment variable. The issue ...