DEBIAN-CVE-2024-36469

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...

GO-2025-3484 Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome

Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome...

GHSA-C3P4-VM8F-386P Navidrome allows an authentication bypass in Subsonic API with non-existent username

Summary In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error. Details A flaw...

Navidrome allows an authentication bypass in Subsonic API with non-existent username

Summary In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error. Details A flaw...

Authentication Bypass

geronimo is vulnerable to authentication bypass. A remote attacker is able to bypass the login function by attempting to login using a non-existent username...