12 matches found

RedhatCVE
added 2025/12/10 10:20 p.m., 4 views

CVE-2025-66039

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

CVSS 9.3, AI score 7, EPSS 0.16041
Exploits 8, References 1

Vulnrichment
added 2025/12/09 9:32 p.m., 1 views

CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

CVSS 9.3, AI score 6.7, EPSS 0.16041
Exploits 8, References 3

EUVD
added 2025/12/09 9:32 p.m., 1 views

EUVD-2025-202329

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

CVSS 9.3, AI score 6.5, EPSS 0.16041
Exploits 8, References 3

ATTACKERKB
added 2025/12/09 9:32 p.m., 2 views

CVE-2025-66039

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

CVSS 9.8, AI score 6, EPSS 0.16041
Exploits 8, References 7, Affected Software 1

Cvelist
added 2025/12/09 9:32 p.m., 16 views

CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

CVSS 9.3, EPSS 0.16041
Exploits 8, References 3

CVE
added 2025/12/09 9:32 p.m., 14 views

CVE-2025-66039

CVE-2025-66039 affects FreePBX Endpoint Manager. The vulnerability is an authentication bypass when the Webserver Authorization Mode is enabled: sending an Authorization header with an arbitrary value associates a session with the target user despite valid credentials. This can lead to unauthoriz...

CVSS 9.8, AI score 6.7, EPSS 0.16041
Exploits 8, References 3, Affected Software 1

Positive Technologies
added 2025/12/09 12:0 a.m., 1 views

PT-2025-50274

Name of the Vulnerable Software and Affected Versions: FreePBX Endpoint Manager versions 16.0.0 through 16.0.43; FreePBX Endpoint Manager versions 17.0.0 through 17.0.22. Description: The FreePBX Endpoint Manager module contains a flaw in its authentication mechanism when the authentication type is s...

CVSS 10, AI score 6.8, EPSS 0.16041
Exploits 8, References 45

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-46403

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.0013
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:18 a.m., 2 views

CVE-2023-41926

The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...

CVSS 8.8, AI score 7.2, EPSS 0.0013
Exploits 0

OSV
added 2024/09/04 3:43 p.m., 14 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

CVSS 5.3, AI score 6.9, EPSS 0.00356
Exploits 1, References 4

Positive Technologies
added 2024/09/04 12:0 a.m., 2 views

PT-2024-31404 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.44.0 Description: A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time i...

CVSS 5.3, AI score 7.5, EPSS 0.00356
Exploits 1, References 10

Drupal
added 2014/05/28 12:0 a.m., 13 views

SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass

This module allows you to delegate user authentication to the web server. The module can be configured to automatically create users that have been authenticated by the web server. There was an issue where a configuration variable did not have consistent default values in the code meaning that in...

AI score 7.3
Exploits 0, References 12