4 matches found
Authentication Bypass
faye is vulnerable to Authentication Bypass. The vulnerability exists through the way Faye server recognizes meta channels, treating a message to any channel that is a prefix-match for one of the special channels /meta/handshake, /meta/connect, /meta/subscribe, /meta/unsubscribe, /meta/disconnect...
GHSA-QPG4-4W7W-2MQ5 Authentication and extension bypass in Faye
On 20 April 2020 it was reported to me that the potential for authentication bypass exists in Faye1's extension system. This vulnerability has existed in the Node.js and Ruby versions of the server since version 0.5.0, when extensions were first introduced, in July 2010. It is patched in versions...
Authentication and extension bypass in Faye
On 20 April 2020 it was reported to me that the potential for authentication bypass exists in Faye1's extension system. This vulnerability has existed in the Node.js and Ruby versions of the server since version 0.5.0, when extensions were first introduced, in July 2010. It is patched in versions...
Authentication and extension bypass in Faye
On 20 April 2020 it was reported to me that the potential for authentication bypass exists in Faye1's extension system. This vulnerability has existed in the Node.js and Ruby versions of the server since version 0.5.0, when extensions were first introduced, in July 2010. It is patched in versions...