Lucene search
Veracode Vulnerability DatabaseVERACODE:5470HistoryNov 22, 2017 - 12:40 a.m.
Authentication Bypass
2017-11-2200:40:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.004 Low
EPSS
Percentile
75.0%
swauth is vulnerable to authentication bypass. Attackers can use a request token from the log file, to use in the X-Auth-Token header of a new request. The tokens are present in the logs because they are being saved unhashed as a part of a GET URI.
Related
osv
osv
PYSEC-2017-84
2017-11-21 13:29:00
CVE-2017-16613
2017-11-21 13:29:00
swauth - security update
2017-11-21 00:00:00
ubuntucve
ubuntucve
CVE-2017-16613
2017-11-21 00:00:00
prion
prion
Authentication flaw
2017-11-21 13:29:00
nessus
nessus
Debian DSA-4044-1 : swauth - security update
2017-11-22 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4044-1)
2017-11-20 00:00:00
github
github
OpenStack Swauth object/proxy server writing Auth Token to log file
2022-05-17 00:16:14
debian
debian
[SECURITY] [DSA 4044-1] swauth security update
2017-11-21 16:10:09
cvelist
cvelist
CVE-2017-16613
2017-11-21 13:00:00
debiancve
debiancve
CVE-2017-16613
2017-11-21 13:29:00
nvd
nvd
CVE-2017-16613
2017-11-21 13:29:00
cve
cve
CVE-2017-16613
2017-11-21 13:29:00