Common Weakness Enumeration
CWE-305
AllowedAuthentication Bypass by Primary Weakness
Abstraction: Base · Status: Draft
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
281 vulnerabilities reference this CWE, most recent first.
CVE-2020-15077 (GCVE-0-2020-15077)
Vulnerability from cvelistv5 – Published: 2021-06-04 10:42 – Updated: 2024-08-04 13:08
VLAI
EPSS
VEX
Summary
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Severity
No CVSS data available.
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://openvpn.net/vpn-server-resources/release-notes/ | x_refsource_MISC |
| https://openvpn.net/security-advisory/access-serv… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OpenVPN Access Server |
Affected:
2.8.7 and earlier versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN Access Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.8.7 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T10:42:01.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2020-15077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN Access Server",
"version": {
"version_data": [
{
"version_value": "2.8.7 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://openvpn.net/vpn-server-resources/release-notes/",
"refsource": "MISC",
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
},
{
"name": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/",
"refsource": "MISC",
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2020-15077",
"datePublished": "2021-06-04T10:42:01.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14359 (GCVE-0-2020-14359)
Vulnerability from cvelistv5 – Published: 2021-02-23 12:42 – Updated: 2024-08-04 12:39
VLAI
EPSS
VEX
Summary
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1868591 | x_refsource_MISC |
| https://issues.jboss.org/browse/KEYCLOAK-14090 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/KEYCLOAK-14090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions as of 2021-02-22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T20:03:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.jboss.org/browse/KEYCLOAK-14090"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14359",
"datePublished": "2021-02-23T12:42:06.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:39:36.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11012 (GCVE-0-2020-11012)
Vulnerability from cvelistv5 – Published: 2020-04-23 21:55 – Updated: 2024-08-04 11:21
VLAI
EPSS
VEX
Title
Authentication bypass MinIO Admin API
Summary
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.
Severity
9.3 (Critical)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/minio/minio/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/minio/minio/pull/9422 | x_refsource_MISC |
| https://github.com/minio/minio/commit/4cd6ca02c79… | x_refsource_MISC |
| https://github.com/minio/minio/releases/tag/RELEA… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/minio/minio/pull/9422"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "minio",
"vendor": "MinIO",
"versions": [
{
"status": "affected",
"version": "\u003c RELEASE.2020-04-23T00-58-49Z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T21:55:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/minio/minio/pull/9422"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z"
}
],
"source": {
"advisory": "GHSA-xv4r-vccv-mg4w",
"discovery": "UNKNOWN"
},
"title": "Authentication bypass MinIO Admin API",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11012",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass MinIO Admin API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "minio",
"version": {
"version_data": [
{
"version_value": "\u003c RELEASE.2020-04-23T00-58-49Z"
}
]
}
}
]
},
"vendor_name": "MinIO"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w",
"refsource": "CONFIRM",
"url": "https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w"
},
{
"name": "https://github.com/minio/minio/pull/9422",
"refsource": "MISC",
"url": "https://github.com/minio/minio/pull/9422"
},
{
"name": "https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923",
"refsource": "MISC",
"url": "https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923"
},
{
"name": "https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z",
"refsource": "MISC",
"url": "https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z"
}
]
},
"source": {
"advisory": "GHSA-xv4r-vccv-mg4w",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11012",
"datePublished": "2020-04-23T21:55:14.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10923 (GCVE-0-2020-10923)
Vulnerability from cvelistv5 – Published: 2020-07-28 17:10 – Updated: 2024-08-04 11:14
VLAI
EPSS
VEX
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.
Severity
6.5 (Medium)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-703/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "R6700",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "V1.0.4.84_10.0.58"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski of Team Flashback"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T17:10:35.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-703/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R6700",
"version": {
"version_data": [
{
"version_value": "V1.0.4.84_10.0.58"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "Pedro Ribeiro and Radek Domanski of Team Flashback",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-703/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-703/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-10923",
"datePublished": "2020-07-28T17:10:35.000Z",
"dateReserved": "2020-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:15.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10126 (GCVE-0-2020-10126)
Vulnerability from cvelistv5 – Published: 2020-08-21 20:30 – Updated: 2025-11-04 19:12
VLAI
EPSS
VEX
Summary
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.
Severity
No CVSS data available.
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/815655 | x_refsource_MISC |
| https://www.ncr.com/content/dam/ncrcom/content-ty… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/815655 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NCR | SelfServ ATM |
Affected:
APTRA XFS 05.01.00
|
Date Public
2020-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:05.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/815655"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_"
},
{
"url": "https://www.kb.cert.org/vuls/id/815655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SelfServ ATM",
"vendor": "NCR",
"versions": [
{
"status": "affected",
"version": "APTRA XFS 05.01.00"
}
]
}
],
"datePublic": "2020-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T20:30:40.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/815655"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2020-08-20T16:34:00.000Z",
"ID": "CVE-2020-10126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SelfServ ATM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "APTRA XFS",
"version_value": "05.01.00"
}
]
}
}
]
},
"vendor_name": "NCR"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/815655",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/815655"
},
{
"name": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_",
"refsource": "MISC",
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10126",
"datePublished": "2020-08-21T20:30:40.835Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:05.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-10123 (GCVE-0-2020-10123)
Vulnerability from cvelistv5 – Published: 2020-08-21 20:30 – Updated: 2025-11-04 19:12
VLAI
EPSS
VEX
Summary
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.
Severity
No CVSS data available.
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/116713 | x_refsource_MISC |
| https://www.ncr.com/content/dam/ncrcom/content-ty… | x_refsource_MISC |
| https://www.ncr.com/content/dam/ncrcom/unsorted/j… | x_refsource_MISC |
| https://www.ncr.com/content/dam/ncrcom/content-ty… | x_refsource_MISC |
| https://www.ncr.com/content/dam/ncrcom/content-ty… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/116713 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NCR | SelfServ ATM |
Affected:
APTRA XFS , ≤ 05.01.00
(custom)
|
Date Public
2020-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:01.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/116713"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf"
},
{
"url": "https://www.kb.cert.org/vuls/id/116713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SelfServ ATM",
"vendor": "NCR",
"versions": [
{
"lessThanOrEqual": "05.01.00",
"status": "affected",
"version": "APTRA XFS",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T20:30:39.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/116713"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2020-08-20T16:34:00.000Z",
"ID": "CVE-2020-10123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SelfServ ATM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "APTRA XFS",
"version_value": "05.01.00"
}
]
}
}
]
},
"vendor_name": "NCR"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cert.org/vuls/id/116713",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/116713"
},
{
"name": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf",
"refsource": "MISC",
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf"
},
{
"name": "https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf",
"refsource": "MISC",
"url": "https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf"
},
{
"name": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf",
"refsource": "MISC",
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf"
},
{
"name": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf",
"refsource": "MISC",
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10123",
"datePublished": "2020-08-21T20:30:39.511Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:01.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-14910 (GCVE-0-2019-14910)
Vulnerability from cvelistv5 – Published: 2019-12-05 14:16 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.
Severity
9.3 (Critical)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:51.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "CWE-592",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T14:16:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14910",
"datePublished": "2019-12-05T14:16:00.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:51.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14909 (GCVE-0-2019-14909)
Vulnerability from cvelistv5 – Published: 2019-12-04 14:34 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
Severity
9.3 (Critical)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "CWE-592",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-04T14:34:06.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14909",
"datePublished": "2019-12-04T14:34:06.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14833 (GCVE-0-2019-14833)
Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-05 00:26
VLAI
EPSS
VEX
Summary
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.
Severity
4.2 (Medium)
CWE
Assigner
References
9 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2019-14833.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
},
{
"name": "openSUSE-SU-2019:2458",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
},
{
"name": "FEDORA-2019-57d43f3b58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
},
{
"name": "FEDORA-2019-703e299870",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
},
{
"name": "FEDORA-2019-460ad648e7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
},
{
"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
},
{
"name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "Samba",
"versions": [
{
"status": "affected",
"version": "all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-14T16:06:23.317Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833"
},
{
"url": "https://www.samba.org/samba/security/CVE-2019-14833.html"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
},
{
"name": "openSUSE-SU-2019:2458",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
},
{
"name": "FEDORA-2019-57d43f3b58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
},
{
"name": "FEDORA-2019-703e299870",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
},
{
"name": "FEDORA-2019-460ad648e7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
},
{
"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
},
{
"name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14833",
"datePublished": "2019-11-06T00:00:00.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3878 (GCVE-0-2019-3878)
Vulnerability from cvelistv5 – Published: 2019-03-26 17:44 – Updated: 2024-08-04 19:19
VLAI
EPSS
VEX
Summary
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.
Severity
8.1 (High)
CWE
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/Uninett/mod_auth_mellon/pull/196 | x_refsource_CONFIRM |
| https://usn.ubuntu.com/3924-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://access.redhat.com/errata/RHSA-2019:0746 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:0766 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:0985 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHBA-2019:0959 | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| uninett | mod_auth_mellon |
Affected:
before v0.14.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Uninett/mod_auth_mellon/pull/196"
},
{
"name": "USN-3924-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3924-1/"
},
{
"name": "FEDORA-2019-db1e9b3002",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/"
},
{
"name": "FEDORA-2019-2d8ee47f61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/"
},
{
"name": "RHSA-2019:0746",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0746"
},
{
"name": "RHSA-2019:0766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0766"
},
{
"name": "RHSA-2019:0985",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0985"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mod_auth_mellon",
"vendor": "uninett",
"versions": [
{
"status": "affected",
"version": "before v0.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T08:06:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Uninett/mod_auth_mellon/pull/196"
},
{
"name": "USN-3924-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3924-1/"
},
{
"name": "FEDORA-2019-db1e9b3002",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/"
},
{
"name": "FEDORA-2019-2d8ee47f61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/"
},
{
"name": "RHSA-2019:0746",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0746"
},
{
"name": "RHSA-2019:0766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0766"
},
{
"name": "RHSA-2019:0985",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0985"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mod_auth_mellon",
"version": {
"version_data": [
{
"version_value": "before v0.14.2"
}
]
}
}
]
},
"vendor_name": "uninett"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878"
},
{
"name": "https://github.com/Uninett/mod_auth_mellon/pull/196",
"refsource": "CONFIRM",
"url": "https://github.com/Uninett/mod_auth_mellon/pull/196"
},
{
"name": "USN-3924-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3924-1/"
},
{
"name": "FEDORA-2019-db1e9b3002",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/"
},
{
"name": "FEDORA-2019-2d8ee47f61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/"
},
{
"name": "RHSA-2019:0746",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0746"
},
{
"name": "RHSA-2019:0766",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0766"
},
{
"name": "RHSA-2019:0985",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0985"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3878",
"datePublished": "2019-03-26T17:44:29.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.