Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5976 vulnerabilities reference this CWE, most recent first.

GHSA-3M3Q-X3GJ-F79X

Vulnerability from github – Published: 2026-02-17 21:31 – Updated: 2026-03-06 01:01
VLAI
Summary
OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations
Details

Affected Packages / Versions

This issue affects the optional voice-call plugin only. It is not enabled by default; it only applies to installations where the plugin is installed and enabled.

  • Package: @openclaw/voice-call
  • Vulnerable versions: < 2026.2.3
  • Patched versions: >= 2026.2.3

Legacy package name (if you are still using it):

  • Package: @clawdbot/voice-call
  • Vulnerable versions: <= 2026.1.24
  • Patched versions: none published under this package name; migrate to @openclaw/voice-call

Summary

In certain reverse-proxy / forwarding setups, webhook verification can be bypassed if untrusted forwarded headers are accepted.

Impact

An external party may be able to send voice-call webhook requests that are accepted as valid, which can result in spoofed webhook events being processed.

Root Cause

Some deployments implicitly trusted forwarded headers (for example Forwarded / X-Forwarded-*) when determining request properties used during webhook verification. If those headers are not overwritten by a trusted proxy, a client can supply them directly and influence verification.

Resolution

Ignore forwarded headers by default unless explicitly trusted and allowlisted in configuration. Keep any loopback-only development bypass restricted to local development only. Upgrade to a patched version.

If you cannot upgrade immediately, strip Forwarded and X-Forwarded-* headers at the edge so clients cannot supply them directly.

Fix Commit(s)

  • a749db9820eb6d6224032a5a34223d286d2dcc2f

Credits

Thanks @0x5t for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openclaw/voice-call"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@clawdbot/voice-call"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2026.1.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28465"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-290",
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-17T21:31:58Z",
    "nvd_published_at": "2026-03-05T22:16:19Z",
    "severity": "HIGH"
  },
  "details": "## Affected Packages / Versions\n\nThis issue affects the optional voice-call plugin only. It is not enabled by default; it only applies to installations where the plugin is installed and enabled.\n\n- Package: `@openclaw/voice-call`\n- Vulnerable versions: `\u003c 2026.2.3`\n- Patched versions: `\u003e= 2026.2.3`\n\nLegacy package name (if you are still using it):\n\n- Package: `@clawdbot/voice-call`\n- Vulnerable versions: `\u003c= 2026.1.24`\n- Patched versions: none published under this package name; migrate to `@openclaw/voice-call`\n\n## Summary\n\nIn certain reverse-proxy / forwarding setups, webhook verification can be bypassed if untrusted forwarded headers are accepted.\n\n## Impact\n\nAn external party may be able to send voice-call webhook requests that are accepted as valid, which can result in spoofed webhook events being processed.\n\n## Root Cause\n\nSome deployments implicitly trusted forwarded headers (for example `Forwarded` / `X-Forwarded-*`) when determining request properties used during webhook verification. If those headers are not overwritten by a trusted proxy, a client can supply them directly and influence verification.\n\n## Resolution\n\nIgnore forwarded headers by default unless explicitly trusted and allowlisted in configuration. Keep any loopback-only development bypass restricted to local development only. Upgrade to a patched version.\n\nIf you cannot upgrade immediately, strip `Forwarded` and `X-Forwarded-*` headers at the edge so clients cannot supply them directly.\n\n## Fix Commit(s)\n\n- `a749db9820eb6d6224032a5a34223d286d2dcc2f`\n\n## Credits\n\nThanks `@0x5t` for reporting.",
  "id": "GHSA-3m3q-x3gj-f79x",
  "modified": "2026-03-06T01:01:21Z",
  "published": "2026-02-17T21:31:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3m3q-x3gj-f79x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28465"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/a749db9820eb6d6224032a5a34223d286d2dcc2f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.3"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-voice-call-webhook-verification-bypass-via-forwarded-headers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations"
}

GHSA-3M7R-W3XM-QWCJ

Vulnerability from github – Published: 2022-05-14 02:54 – Updated: 2022-05-14 02:54
VLAI
Details

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-2701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-08-04T02:45:00Z",
    "severity": "MODERATE"
  },
  "details": "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.",
  "id": "GHSA-3m7r-w3xm-qwcj",
  "modified": "2022-05-14T02:54:58Z",
  "published": "2022-05-14T02:54:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2701"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=724815"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782"
    },
    {
      "type": "WEB",
      "url": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45425"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8325"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025833"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/07/15/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/07/18/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/07/20/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/518974/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48880"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3M99-VRQX-M6H7

Vulnerability from github – Published: 2022-04-30 18:16 – Updated: 2025-04-03 03:42
VLAI
Details

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2001-0537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-07-21T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.",
  "id": "GHSA-3m99-vrqx-m6h7",
  "modified": "2025-04-03T03:42:07Z",
  "published": "2022-04-30T18:16:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0537"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2001-14.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ciac.org/ciac/bulletins/l-106.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/578"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/2936"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3MCX-6WXM-QR8V

Vulnerability from github – Published: 2026-04-10 19:47 – Updated: 2026-04-24 21:09
VLAI
Summary
ajenti.plugin.core has password bypass when 2FA is activated
Details

Impact

If the 2FA was activated, it was possible to bypass the password authentication

Patches

This is fixed in the version 0.112. Users should upgrade to this version as soon as possible.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ajenti.plugin.core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.112"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-10T19:47:31Z",
    "nvd_published_at": "2026-04-10T20:16:22Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nIf the 2FA was activated, it was possible to bypass the password authentication\n\n### Patches\n\nThis is fixed in the version 0.112. Users should upgrade to this version as soon as possible.",
  "id": "GHSA-3mcx-6wxm-qr8v",
  "modified": "2026-04-24T21:09:45Z",
  "published": "2026-04-10T19:47:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40177"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ajenti/ajenti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ajenti.plugin.core has password bypass when 2FA is activated"
}

GHSA-3MFX-6PRR-4G43

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-07-13 00:01
VLAI
Details

Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.",
  "id": "GHSA-3mfx-6prr-4g43",
  "modified": "2022-07-13T00:01:35Z",
  "published": "2022-05-24T19:10:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38514"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000063757/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2017-2449"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3MXH-57X7-M994

Vulnerability from github – Published: 2022-05-17 04:59 – Updated: 2022-05-17 04:59
VLAI
Details

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-5531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-10-25T03:52:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.",
  "id": "GHSA-3mxh-57x7-m994",
  "modified": "2022-05-17T04:59:19Z",
  "published": "2022-05-17T04:59:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5531"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3P4V-HP85-8J3W

Vulnerability from github – Published: 2022-05-17 01:50 – Updated: 2022-05-17 01:50
VLAI
Details

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-0702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-01-31T12:06:00Z",
    "severity": "MODERATE"
  },
  "details": "Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.",
  "id": "GHSA-3p4v-hp85-8j3w",
  "modified": "2022-05-17T01:50:08Z",
  "published": "2022-05-17T01:50:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0702"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73287"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3P6J-M8J2-M6RC

Vulnerability from github – Published: 2023-04-14 15:30 – Updated: 2024-04-04 03:28
VLAI
Details

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-14T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code.",
  "id": "GHSA-3p6j-m8j2-m6rc",
  "modified": "2024-04-04T03:28:30Z",
  "published": "2023-04-14T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45174"
    },
    {
      "type": "WEB",
      "url": "https://www.gruppotim.it/it/footer/red-team.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3PCR-4VGR-X46G

Vulnerability from github – Published: 2023-06-27 00:30 – Updated: 2024-04-04 05:11
VLAI
Details

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.

This is similar to, but not identical to CVE-2023-32524.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-26T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\n\nThis is similar to, but not identical to CVE-2023-32524.",
  "id": "GHSA-3pcr-4vgr-x46g",
  "modified": "2024-04-04T05:11:03Z",
  "published": "2023-06-27T00:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32523"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3PF7-C5VH-FJ2R

Vulnerability from github – Published: 2022-05-17 01:35 – Updated: 2022-05-17 01:35
VLAI
Details

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-3268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-04-24T10:28:00Z",
    "severity": "HIGH"
  },
  "details": "Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.",
  "id": "GHSA-3pf7-c5vh-fj2r",
  "modified": "2022-05-17T01:35:10Z",
  "published": "2022-05-17T01:35:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3268"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=807429"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83761"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/59450"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.