Latest Authentication Bypass news

Cisco BroadWorks impacted by critical authentication bypass flaw

A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication.
- Bill Toulas
- September 07, 2023
- 04:10 PM
- 0
VMware Aria vulnerable to critical SSH authentication bypass flaw

VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could allow remote attackers to bypass SSH authentication and access private endpoints.
- Bill Toulas
- August 30, 2023
- 12:19 PM
- 0
Exploit released for Ivanti Sentry bug abused as zero-day in attacks

Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems.
- Sergiu Gatlan
- August 24, 2023
- 11:20 AM
- 0
Over 3,000 Openfire servers vulnerable to takover attacks

Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts.
- Bill Toulas
- August 23, 2023
- 03:36 PM
- 0
Ivanti warns of new actively exploited MobileIron zero-day bug

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.
- Sergiu Gatlan
- August 21, 2023
- 11:28 AM
- 0
Ivanti discloses new critical auth bypass bug in MobileIron Core

IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software.
- Sergiu Gatlan
- August 02, 2023
- 04:49 PM
- 0
Ivanti patches MobileIron zero-day bug exploited in attacks

US-based IT software company Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).
- Sergiu Gatlan
- July 24, 2023
- 04:05 PM
- 0
SonicWall warns admins to patch critical auth bypass bugs immediately

SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and Analytics network reporting engine software suites.
- Sergiu Gatlan
- July 12, 2023
- 04:08 PM
- 0
Exploit released for new Arcserve UDP auth bypass vulnerability

Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges.
- Sergiu Gatlan
- June 28, 2023
- 04:50 PM
- 0
Grafana warns of critical auth bypass due to Azure AD integration

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication.
- Bill Toulas
- June 24, 2023
- 11:18 AM
- 0
VMware fixes vCenter Server bugs allowing code execution, auth bypass

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems.
- Sergiu Gatlan
- June 22, 2023
- 12:07 PM
- 0
WordPress force patching WooCommerce plugin with 500K installs

Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running the highly popular WooCommerce Payments for online stores.
- Sergiu Gatlan
- March 23, 2023
- 05:39 PM
- 0
Over 19,000 end-of-life Cisco routers exposed to RCE attacks

Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain.
- Sergiu Gatlan
- January 20, 2023
- 04:26 PM
- 1
Hackers exploit Cacti critical bug to install malware, open reverse shells

More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit.
- Ionut Ilascu
- January 15, 2023
- 07:39 PM
- 0
Cisco warns of auth bypass bug with public exploit in EoL routers

Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers.
- Sergiu Gatlan
- January 11, 2023
- 01:50 PM
- 0
Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects

Auth0 fixed a remote code execution vulnerability in the immensely popular 'JsonWebToken' open-source library used by over 22,000 projects and downloaded over 36 million times per month on NPM.
- Bill Toulas
- January 09, 2023
- 01:06 PM
- 0
VMware fixes three critical auth bypass bugs in remote access tool

VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin.
- Sergiu Gatlan
- November 08, 2022
- 03:24 PM
- 0
Citrix urges admins to patch critical ADC, Gateway auth bypass

Citrix is urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway.
- Bill Toulas
- November 08, 2022
- 12:03 PM
- 0
Exploit available for critical Fortinet auth bypass bug, patch now

Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances.
- Sergiu Gatlan
- October 13, 2022
- 02:10 PM
- 2
Aruba fixes critical RCE and auth bypass flaws in EdgeConnect

Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical severity vulnerabilities that enable remote attackers to compromise the host.
- Bill Toulas
- October 12, 2022
- 12:18 PM
- 0