CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5970 vulnerabilities reference this CWE, most recent first.
GHSA-P6V9-PF62-JJ8W
Vulnerability from github – Published: 2022-05-17 02:46 – Updated: 2022-05-17 02:46Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2017-2101"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-28T16:59:00Z",
"severity": "HIGH"
},
"details": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.",
"id": "GHSA-p6v9-pf62-jj8w",
"modified": "2022-05-17T02:46:59Z",
"published": "2022-05-17T02:46:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2101"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN88176589/index.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96261"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P6X6-9MX6-26WJ
Vulnerability from github – Published: 2026-02-06 17:54 – Updated: 2026-02-06 19:06Contact OpenAI Security Research at outbounddisclosures@openai.com to engage on this report.
See PDF report for easier reading.
Security Advisory: 2FA Bypass via Recovery Code Vulnerability Type: 2FA Authentication Bypass Affected Software: GOGS Severity: High Date: Aug 5, 2025 Discoverer: OpenAI Security Research Summary Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use Security Advisory_ 2FA Bypass via Recovery Code - Google Docs.pdf any unused recovery code (e.g., from their own account) to bypass the victim’s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it's enabled. Affected Versions Software: Gogs Confirmed Version(s): All versions with 2FA support Likely Affected: All versions since introduction of UseRecoveryCode logic Introduced Commit: a617d52374e937db0edacfba2a26bdd14a05538e Commit: a617d52374e937db0edacfba2a26bdd14a05538e Author: Joe Chen Date: Apr 5, 2017 Description: 2fa: initial support
Vulnerability Details The function UseRecoveryCode in internal/database/two_factor.go fails to check that the recovery code belongs to the authenticating user. Instead, it looks for any unused recovery code: Vulnerable Code Snippet
func UseRecoveryCode(_ int64, code string) error {
recoveryCode := new(TwoFactorRecoveryCode)
has, err := x.Where("code = ?", code).And("is_used = ?", false).Get(recoveryCode)
...
}
Although the caller passes userID, it is ignored. The result is a global lookup for any unused code, allowing an attacker to submit their own recovery code during another user's login flow.
Call Chain
web login handler → UseRecoveryCode(userID, code) → DB query without userID constraint Proof-of-Concept (PoC) Description This bug is tested against the latest version of Gogs hosted on Dockerhub. Attacker uses their own recovery code to bypass another user’s 2FA. Steps Create attacker account A and enable 2FA. Save a code like "abcde-fghij". Obtain credentials for victim B. Attempt login as B via web. When prompted for recovery code, submit A's code. Login as B succeeds; A's code is marked as used.
Impact 2FA rendered ineffective for all users Realistic Exploitation Scenarios Public Gogs instances with 2FA enabled Developer or maintainer accounts Enterprise self-hosted Gogs servers Potential Impact This vulnerability critically undermines 2FA. Since recovery codes are not globally unique and lack user scoping, any attacker with victim credentials can use one of their own recovery codes to complete login as the victim — bypassing all 2FA protections. This opens the door to account hijacking, data exfiltration, and downstream supply chain compromise. Timeline August 2025: Discovered via GPT5 August 2025: Reproduced and confirmed via PoC and sanitizer Aug 6, 2025 - Sent to Gogs via https://github.com/gogs/gogs/security/advisories/new
This information is being shared by OpenAI solely for the purpose of improving security and reducing potential harm. This information is presented as-is. OpenAI Security Research makes no representations or warranties, express or implied, as to the completeness, accuracy, or fitness for any particular purpose of the information. [This includes, without limitation any suggestions or ideas presented on how to remedy or mitigate an identified vulnerability, including whether such suggestions or ideas would be effective and/or could have other negative impacts.] OpenAI disclaims any liability for direct or indirect damages arising from the reliance on, or use, misuse, or interpretation of this information. Any references to third-party systems, services, or entities are included solely for identification purposes and do not imply endorsement, responsibility, or attribution.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.13.3"
},
"package": {
"ecosystem": "Go",
"name": "gogs.io/gogs"
},
"ranges": [
{
"events": [
{
"introduced": "0.11.19"
},
{
"fixed": "0.13.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64175"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-06T17:54:52Z",
"nvd_published_at": "2026-02-06T18:15:55Z",
"severity": "HIGH"
},
"details": "Contact OpenAI Security Research at outbounddisclosures@openai.com to engage on this report. \nSee PDF report for easier reading.\n\nSecurity Advisory: 2FA Bypass via Recovery Code\nVulnerability Type: 2FA Authentication Bypass\nAffected Software: GOGS\nSeverity: High\nDate: Aug 5, 2025\nDiscoverer: OpenAI Security Research\nSummary\nGogs\u2019 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim\u2019s username and password, they can use\n[Security Advisory_ 2FA Bypass via Recovery Code - Google Docs.pdf](https://github.com/user-attachments/files/21643266/Security.Advisory_.2FA.Bypass.via.Recovery.Code.-.Google.Docs.pdf)\n any unused recovery code (e.g., from their own account) to bypass the victim\u2019s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it\u0027s enabled.\nAffected Versions\nSoftware: [Gogs](https://github.com/gogs/gogs/tree/main)\nConfirmed Version(s): All versions with 2FA support\nLikely Affected: All versions since introduction of UseRecoveryCode logic\nIntroduced Commit: [a617d52374e937db0edacfba2a26bdd14a05538e](https://github.com/gogs/gogs/commit/a617d52374e937db0edacfba2a26bdd14a05538e) \nCommit: a617d52374e937db0edacfba2a26bdd14a05538e\nAuthor: Joe Chen\nDate: Apr 5, 2017\nDescription: 2fa: initial support \n\nVulnerability Details\nThe function UseRecoveryCode in internal/database/two_factor.go fails to check that the recovery code belongs to the authenticating user. Instead, it looks for any unused recovery code:\nVulnerable Code Snippet\n```go\nfunc UseRecoveryCode(_ int64, code string) error {\n recoveryCode := new(TwoFactorRecoveryCode)\n has, err := x.Where(\"code = ?\", code).And(\"is_used = ?\", false).Get(recoveryCode)\n ...\n}\n```\nAlthough the caller passes userID, it is ignored. The result is a global lookup for any unused code, allowing an attacker to submit their own recovery code during another user\u0027s login flow.\n\nCall Chain\n\nweb login handler\n \u2192 UseRecoveryCode(userID, code)\n \u2192 DB query without userID constraint\nProof-of-Concept (PoC)\nDescription\nThis bug is tested against the latest version of Gogs hosted on [Dockerhub](https://hub.docker.com/r/gogs/gogs). Attacker uses their own recovery code to bypass another user\u2019s 2FA.\nSteps\nCreate attacker account A and enable 2FA. Save a code like \"abcde-fghij\".\nObtain credentials for victim B.\nAttempt login as B via web.\nWhen prompted for recovery code, submit A\u0027s code.\nLogin as B succeeds; A\u0027s code is marked as used.\n\n\nImpact\n2FA rendered ineffective for all users\nRealistic Exploitation Scenarios\nPublic Gogs instances with 2FA enabled\nDeveloper or maintainer accounts\nEnterprise self-hosted Gogs servers\nPotential Impact\nThis vulnerability critically undermines 2FA. Since recovery codes are not globally unique and lack user scoping, any attacker with victim credentials can use one of their own recovery codes to complete login as the victim \u2014 bypassing all 2FA protections. This opens the door to account hijacking, data exfiltration, and downstream supply chain compromise.\nTimeline\nAugust 2025: Discovered via GPT5\nAugust 2025: Reproduced and confirmed via PoC and sanitizer\nAug 6, 2025 - Sent to Gogs via https://github.com/gogs/gogs/security/advisories/new\n\n\nThis information is being shared by OpenAI solely for the purpose of improving security and reducing potential harm. This information is presented as-is. OpenAI Security Research makes no representations or warranties, express or implied, as to the completeness, accuracy, or fitness for any particular purpose of the information. [This includes, without limitation any suggestions or ideas presented on how to remedy or mitigate an identified vulnerability, including whether such suggestions or ideas would be effective and/or could have other negative impacts.]\nOpenAI disclaims any liability for direct or indirect damages arising from the reliance on, or use, misuse, or interpretation of this information. Any references to third-party systems, services, or entities are included solely for identification purposes and do not imply endorsement, responsibility, or attribution.",
"id": "GHSA-p6x6-9mx6-26wj",
"modified": "2026-02-06T19:06:46Z",
"published": "2026-02-06T17:54:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26wj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64175"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/commit/a617d52374e937db0edacfba2a26bdd14a05538e"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/commit/d568e048315dc9729c8518d8085cab7dbbfac80f"
},
{
"type": "PACKAGE",
"url": "https://github.com/gogs/gogs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Gogs Vulnerable to 2FA Bypass via Recovery Code"
}
GHSA-P747-QC5P-773R
Vulnerability from github – Published: 2026-03-20 20:43 – Updated: 2026-03-25 20:34Summary
Any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window.
Details
The below code is called when a user that has 2FA is authenticating to the application. Once they submit a valid username-password-totp combination, the user gets authenticated. If that same TOTP is used for the same user's account again within the validity window, it will allow the other session to authenticate successfully.
Source: pkg/user/totp.go:128
// ValidateTOTPPasscode validated totp codes of users.
func ValidateTOTPPasscode(s *xorm.Session, passcode *TOTPPasscode) (t *TOTP, err error) {
t, err = GetTOTPForUser(s, passcode.User)
if err != nil {
return
}
if !totp.Validate(passcode.Passcode, t.Secret) {
return nil, ErrInvalidTOTPPasscode{Passcode: passcode.Passcode}
}
return
}
Section 6.5.1 within the Authentication section of the OWASP ASVS recommends multiple checks, some of which involving TOTPs:
Verify that lookup secrets, out-of-band authentication requests or codes, and time-based one-time passwords (TOTPs) are only successfully usable once.
The OWASP WSTG also references this as one of their checks to look for:
Can the OTPs be used more than once?
PoC
https://github.com/user-attachments/assets/19d3b4c3-c219-4f59-b57d-45c9f6a264c8
Impact
Any user who uses 2FA could be impacted if their traffic is able to be captured, they're phished/social engineered, or other methods of attack. This disrupts one layer of the defense-in-depth model surrounding 2FA.
Similar CVEs
Remediation
Store a deny-list of TOTP codes for their validity windows and check submitted codes against it to ensure none are being reused. After their validity window has closed, the 2FA code can be removed from the list.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2.2.1"
},
"package": {
"ecosystem": "Go",
"name": "code.vikunja.io/api"
},
"ranges": [
{
"events": [
{
"introduced": "0.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33473"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T20:43:00Z",
"nvd_published_at": "2026-03-24T16:16:33Z",
"severity": "MODERATE"
},
"details": "### Summary\nAny user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window.\n\n### Details\nThe below code is called when a user that has 2FA is authenticating to the application. Once they submit a valid username-password-totp combination, the user gets authenticated. If that same TOTP is used for the same user\u0027s account again within the validity window, it will allow the other session to authenticate successfully.\n\n**Source**: \u003cins\u003epkg/user/totp.go:128\u003c/ins\u003e\n```go\n// ValidateTOTPPasscode validated totp codes of users.\nfunc ValidateTOTPPasscode(s *xorm.Session, passcode *TOTPPasscode) (t *TOTP, err error) {\n\tt, err = GetTOTPForUser(s, passcode.User)\n\tif err != nil {\n\t\treturn\n\t}\n\n\tif !totp.Validate(passcode.Passcode, t.Secret) {\n\t\treturn nil, ErrInvalidTOTPPasscode{Passcode: passcode.Passcode}\n\t}\n\n\treturn\n}\n```\n\nSection 6.5.1 within the [Authentication](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x15-V6-Authentication.md) section of the OWASP ASVS recommends multiple checks, some of which involving TOTPs:\n\n\u003e Verify that lookup secrets, out-of-band authentication requests or codes, and time-based one-time passwords (TOTPs) are only successfully usable once.\n\nThe OWASP WSTG also references this as one of their [checks](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/11-Testing_Multi-Factor_Authentication) to look for:\n\n\u003e Can the OTPs be used more than once?\n\n### PoC\n\nhttps://github.com/user-attachments/assets/19d3b4c3-c219-4f59-b57d-45c9f6a264c8\n\n### Impact\nAny user who uses 2FA could be impacted if their traffic is able to be captured, they\u0027re phished/social engineered, or other methods of attack. This disrupts one layer of the defense-in-depth model surrounding 2FA.\n\n### Similar CVEs\n\n- [CVE-2025-6014](https://nvd.nist.gov/vuln/detail/CVE-2025-6014)\n- [CVE-2025-55003](https://nvd.nist.gov/vuln/detail/CVE-2025-55003)\n\n### Remediation\n\nStore a deny-list of TOTP codes for their validity windows and check submitted codes against it to ensure none are being reused. After their validity window has closed, the 2FA code can be removed from the list.",
"id": "GHSA-p747-qc5p-773r",
"modified": "2026-03-25T20:34:07Z",
"published": "2026-03-20T20:43:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-p747-qc5p-773r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33473"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-vikunja/vikunja"
},
{
"type": "WEB",
"url": "https://vikunja.io/changelog/vikunja-v2.2.0-was-released"
},
{
"type": "WEB",
"url": "https://vikunja.io/changelog/vikunja-v2.2.2-was-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Vikunja has TOTP Reuse During Validity Window"
}
GHSA-P785-52CF-XGG7
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:04A default username and password in Dentsply Sirona Sidexis 4.2 and possibly others allows an attacker to gain administrative access to the application server.
{
"affected": [],
"aliases": [
"CVE-2019-11081"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-24T15:29:00Z",
"severity": "CRITICAL"
},
"details": "A default username and password in Dentsply Sirona Sidexis 4.2 and possibly others allows an attacker to gain administrative access to the application server.",
"id": "GHSA-p785-52cf-xgg7",
"modified": "2024-04-04T00:04:35Z",
"published": "2022-05-24T16:44:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11081"
},
{
"type": "WEB",
"url": "https://bastolino.de/sidexis4vuln.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7J9-6RJW-4CW5
Vulnerability from github – Published: 2022-05-14 01:42 – Updated: 2022-05-14 01:42HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.
{
"affected": [],
"aliases": [
"CVE-2018-7108"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-27T18:29:00Z",
"severity": "MODERATE"
},
"details": "HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.",
"id": "GHSA-p7j9-6rjw-4cw5",
"modified": "2022-05-14T01:42:48Z",
"published": "2022-05-14T01:42:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7108"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03879en_us"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041696"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P7Q7-P4XF-XRPF
Vulnerability from github – Published: 2023-02-09 18:30 – Updated: 2025-03-24 21:30The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2022-48294"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-09T17:15:00Z",
"severity": "HIGH"
},
"details": "The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.",
"id": "GHSA-p7q7-p4xf-xrpf",
"modified": "2025-03-24T21:30:26Z",
"published": "2023-02-09T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48294"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/2"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P7RG-RP2H-C9H8
Vulnerability from github – Published: 2022-05-17 05:06 – Updated: 2022-05-17 05:06The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
{
"affected": [],
"aliases": [
"CVE-2013-4877"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-07-18T16:51:00Z",
"severity": "LOW"
},
"details": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.",
"id": "GHSA-p7rg-rp2h-c9h8",
"modified": "2022-05-17T05:06:04Z",
"published": "2022-05-17T05:06:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4877"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/61169"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P7RW-CJJV-6CC4
Vulnerability from github – Published: 2022-05-14 02:40 – Updated: 2022-05-14 02:40JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
{
"affected": [],
"aliases": [
"CVE-2008-5124"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-18T00:30:00Z",
"severity": "HIGH"
},
"details": "JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.",
"id": "GHSA-p7rw-cjjv-6cc4",
"modified": "2022-05-14T02:40:42Z",
"published": "2022-05-14T02:40:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5124"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43300"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30822"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/4606"
},
{
"type": "WEB",
"url": "http://www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/493569/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/493652/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/29882"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1020346"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1919/references"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P829-FQ6P-P9CF
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.
{
"affected": [],
"aliases": [
"CVE-2021-32071"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-13T16:15:00Z",
"severity": "CRITICAL"
},
"details": "The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.",
"id": "GHSA-p829-fq6p-p9cf",
"modified": "2022-05-24T19:11:05Z",
"published": "2022-05-24T19:11:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32071"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P82R-CC76-F4X5
Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2022-05-17 01:17NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
{
"affected": [],
"aliases": [
"CVE-2015-7746"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-01T13:29:00Z",
"severity": "CRITICAL"
},
"details": "NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.",
"id": "GHSA-p82r-cc76-f4x5",
"modified": "2022-05-17T01:17:01Z",
"published": "2022-05-17T01:17:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7746"
},
{
"type": "WEB",
"url": "https://kb.netapp.com/support/index?page=content\u0026id=9010049"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.