4 matches found
golang-nanoauth authentication bypass vulnerability
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token...
CVE-2020-36569
The CVE-2020-36569 entry concerns golang-nanoauth, where authentication is bypassed in the authentication layer when ListenAndServe is invoked with an empty token. Affected versions are v0.0.0-20160722212129-ac0cc4484ad4 through v0.0.0-20200131131040-063a3fb69896. The issue is described as an aut...
CVE-2020-36569 Authentication bypass in github.com/nanobox-io/golang-nanoauth
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token...
GO-2020-0004 Authentication bypass in github.com/nanobox-io/golang-nanoauth
If any of the ListenAndServe functions are called with an empty token, token authentication is disabled globally for all listeners. Also, a minor timing side channel was present allowing attackers with very low latency and able to make many requests to potentially recover the token...