6 matches found
CVE-2009-2422
The example code for the digest authentication functionality http_authentication.rb in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...
rails vulnerable to improper authentication
The example code for the digest authentication functionality http_authentication.rb in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...
GHSA-RXQ3-GM4P-5FJ4 rails vulnerable to improper authentication
The example code for the digest authentication functionality http_authentication.rb in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...
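Ruby on Rails 'authenticate_or_request_with_http_digest' Method Denial of Service Vulnerability
BUGTRAQ ID: 54704 CVE ID: CVE-2012-3424 Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in Ruby and developed strictly according to the MVC architecture. Ruby on Rails versions before 3.0.16, 3.1.7 and 3.2.7 contain an error in actionpack/lib/action_controller/metal/http_authentication.rb when the "with_http_digest" controller helper method is used, which malicious users can exploit to cause a denial of service. 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby ...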
Ruby on Rails Authentication Bypass Vulnerability (Jun 2009)
Ruby on Rails is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2009-2422
Ruby on Rails before 2.3.3 contains a vulnerability in the http_authentication.rb example for digest authentication: authenticate_or_request_with_http_digest returns nil instead of false when the user does not exist, enabling context-dependent attackers to bypass authentication for applications d...