2 matches found
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...
OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...