ciso brief

All news with #authentication bypass tag

296 articles · page 10 of 15

Maximum-severity Ni8mare bug enables n8n server takeover

🔴 Security researchers disclosed a critical vulnerability in the AI workflow automation platform n8n—dubbed “Ni8mare” (CVE-2026-21858)—with a CVSS score of 10.0 that allows remote, unauthenticated attackers to read files and potentially achieve code execution on local instances. The flaw arises from improper webhook parsing of the Content-Type header, letting adversaries control file metadata and local file paths. n8n has issued a patch; users should upgrade to 1.121.0 or later as there are no official workarounds.

Cisco patches ISE flaw after PoC exploit released; update

🔒 Cisco has released patches for an Identity Services Engine (ISE) XML-parsing vulnerability tracked as CVE-2026-20029 that can be abused by remote attackers with valid administrative credentials. The flaw in ISE and ISE Passive Identity Connector allows a crafted XML upload to read arbitrary files on the host. Cisco notes a public proof-of-concept is available and urges customers to upgrade to patched releases rather than rely on temporary mitigations.

Amazon MQ Adds HTTP-Based Auth for RabbitMQ Brokers

🔐 Amazon MQ now supports delegating RabbitMQ authentication and authorization to an HTTP endpoint. The capability is provided as a plugin for RabbitMQ 4.2 and later on Amazon MQ and is enabled by updating the broker configuration file. When provisioning, choose RabbitMQ 4.2 with the m7g instance type via the AWS Console, CLI, or SDKs, then edit the configuration to enable the plugin. The feature is available in all regions where Amazon MQ RabbitMQ 4 instances are offered.

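An added example to go with the Amazon MQ item above; it is not code from AWS or from the RabbitMQ project. It assumes the feature is the upstream rabbitmq_auth_backend_http plugin, whose contract is that the broker sends form-encoded fields (username, password, vhost, ip, resource, name, permission, routing_key) to the configured user_path, vhost_path, resource_path and topic_path URLs and expects an HTTP 200 whose body is "allow", "allow <tags>" or "deny". The user table, ACL, salt and URL paths below are constructed for the example; the points worth copying are deny-by-default authorization, per-user least-privilege ACLs and a constant-time password check.

```python
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Constructed sample credential store (assumption: a real deployment reads an
# identity store, never a literal). Passwords are kept as PBKDF2 digests.
_SALT = b"example-salt"

def _pbkdf2(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {
    # username -> (password digest, RabbitMQ tags, vhosts the user may open)
    "app-producer": (_pbkdf2("s3cret"), "", {"orders"}),
    "ops-admin":    (_pbkdf2("adminpw"), "administrator", {"orders", "/"}),
}

# Per-user resource ACL: (vhost, resource kind or "*", name prefix, permissions).
# Least privilege: the producer may only write to exchanges named orders.*.
ACL = {
    "app-producer": [("orders", "exchange", "orders.", {"write"})],
    "ops-admin":    [("orders", "*", "", {"configure", "write", "read"}),
                     ("/", "*", "", {"configure", "write", "read"})],
}

def authenticate(params):
    """user_path handler: 'allow [tags]' on success, 'deny' otherwise."""
    record = USERS.get(params.get("username", ""))
    # Run the KDF and the comparison for unknown users too, so timing does not
    # reveal whether the username exists (the dummy digest is a constructed value).
    expected = record[0] if record else _pbkdf2("dummy")
    ok = hmac.compare_digest(expected, _pbkdf2(params.get("password", "")))
    if record and ok:
        return f"allow {record[1]}".strip()
    return "deny"

def authorize_vhost(params):
    """vhost_path handler: may this user open this virtual host?"""
    record = USERS.get(params.get("username", ""))
    if record and params.get("vhost", "") in record[2]:
        return "allow"
    return "deny"

def authorize_resource(params):
    """resource_path / topic_path handler. resource is exchange, queue or topic;
    permission is configure, write or read. routing_key (topic_path) is ignored here."""
    user = params.get("username", "")
    vhost, kind, name, perm = (params.get(k, "") for k in ("vhost", "resource", "name", "permission"))
    for acl_vhost, acl_kind, prefix, perms in ACL.get(user, []):
        if acl_vhost == vhost and acl_kind in (kind, "*") and name.startswith(prefix) and perm in perms:
            return "allow"
    return "deny"  # nothing matched: deny by default

ROUTES = {"/auth/user": authenticate, "/auth/vhost": authorize_vhost,
          "/auth/resource": authorize_resource, "/auth/topic": authorize_resource}

class AuthHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        params = {k: v[0] for k, v in parse_qs(body).items()}
        handler = ROUTES.get(self.path)
        verdict = handler(params) if handler else "deny"
        self.send_response(200)  # the plugin expects 200 for both allow and deny
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(verdict.encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), AuthHandler).serve_forever()
```

With the upstream plugin the broker is pointed at such a service with auth_backends.1 = http, auth_http.http_method = post and auth_http.user_path, vhost_path, resource_path and topic_path set to the four URLs above; how Amazon MQ surfaces those keys in its configuration file is not shown in the item, so treat them as the upstream names. Put the endpoint behind TLS and network restrictions: every broker credential is sent to it in the request body.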
Unpatched EX200 Flaw Lets Authenticated Users Trigger Telnet

⚠ An unpatched firmware error in the TOTOLINK EX200 wireless range extender can cause the device to start an unauthenticated root-level telnet service when specific malformed firmware files are processed. CERT/CC's advisory for CVE-2025-65606 notes that exploitation requires an attacker to be authenticated to the web management interface in order to reach the firmware-upload handler, which can then enter an abnormal error state that exposes the service. The vendor has not issued a patch and the product is no longer actively maintained; users are advised to restrict administrative access and consider upgrading to a supported model.

Thousands of FortiGate Firewalls Still Exposed to 2020 Flaw

🔒 BleepingComputer reports that attackers are actively exploiting an older FortiOS vulnerability, CVE-2020-12812, which can bypass two-factor authentication. Although Fortinet issued a patch in July 2020, researchers say at least 10,000 FortiGate firewalls remain unpatched. Administrators are urged to install the latest updates immediately to close the bypass. Additional measures include restricting administrative access, rotating credentials, and monitoring logs for suspicious activity.

10,000+ Fortinet Firewalls Exposed to 2FA Bypass Worldwide

⚠ Internet scans continue to find more than 10,000 exposed Fortinet firewalls vulnerable to an actively exploited two-factor authentication bypass (CVE-2020-12812) that was patched in July 2020. The flaw in FortiOS SSL VPN permits login without a second factor when the username's case is altered; Fortinet advised disabling username case sensitivity as a mitigation. Shadowserver reports over 1,300 affected IPs in the U.S.; network owners should patch, apply the mitigations, and audit LDAP-backed authentication configurations immediately.

Critical IBM API Connect Flaw Allows Authentication Bypass

🔒 IBM is urging customers to quickly apply interim fixes for a critical authentication-bypass vulnerability in IBM API Connect (CVE-2025-13915) that affects versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The flaw can allow unauthorized access to exposed applications without user interaction and stems from a broken architectural assumption that traffic passing the gateway guarantees identity enforcement (CWE-305). IBM has published platform-specific interim fixes and advises disabling self-service sign-up on Developer Portals if patches cannot be applied; administrators must also remove image overrides when upgrading to avoid persistent shadow state.

IBM Alerts: Critical API Connect Authentication Bypass

🔒 IBM has disclosed a critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 with a CVSS score of 9.8. The flaw could allow remote attackers to gain unauthorized access to the application. Affected releases include 10.0.8.0–10.0.8.5 and 10.0.11.0. IBM advises downloading the interim fix from Fix Central and, if immediate patching is not possible, disabling Developer Portal self-service sign-up as a temporary mitigation.

IBM warns of critical API Connect auth bypass — patch now

🔒 IBM urged customers to patch a critical authentication bypass in its API Connect platform that could allow attackers to access applications remotely. Tracked as CVE-2025-13915 and rated 9.8/10, the flaw affects versions 10.0.11.0 and 10.0.8.0–10.0.8.5. Exploitation is low-complexity and requires no user interaction. IBM recommends upgrading to the latest release and offers interim mitigations, including disabling self-service sign-up on the Developer Portal.

Critical Bluetooth Authentication Flaw in WHILL Wheelchairs

🔒 WHILL Inc. electric wheelchairs (Model C2 and Model F) are affected by a critical Bluetooth authentication vulnerability, CVE-2025-14346, that allows an attacker within wireless range to pair without credentials and issue movement and configuration commands. The flaw is rated CVSS 3.1 9.8 (CRITICAL) and is classified as CWE-306 Missing Authentication for Critical Function. WHILL deployed mitigations on 29 December 2025 that restrict unlock commands during motion, protect speed profiles, and obfuscate application JSON configuration files on Android and iOS.

Fortinet warns: 5-year-old FortiOS 2FA bypass exploited

🔒 Fortinet warns that attackers continue to exploit a critical FortiOS vulnerability (CVE-2020-12812) that can bypass two-factor authentication on FortiGate SSL VPNs by changing the case of the username. The issue affects configurations where local users requiring FortiToken are linked to LDAP groups and stems from inconsistent case-sensitive matching between local and remote authentication. Fortinet patched the bug in July 2020 and advised disabling username case sensitivity or removing secondary LDAP group fallbacks if patches cannot be deployed; the vendor reports ongoing abuse against appliances with LDAP configured.

Fortinet: Active Exploitation of SSL VPN Auth Bypass

⚠️ Fortinet warned on December 24, 2025 that attackers are actively abusing a five‑year‑old FortiOS SSL VPN flaw, CVE-2020-12812 (CVSS 5.2), to bypass two‑factor authentication under specific configurations. The issue stems from inconsistent case sensitivity between FortiGate local users and LDAP directories: if a username's case does not exactly match the local entry, FortiGate may fall back to LDAP and accept credentials without 2FA. Fortinet reiterated prior patches and published configuration mitigations and commands to disable username case sensitivity, and advised customers to contact support and reset credentials if unauthorized 2FA bypass is detected.

Observed Abuse of FG-IR-19-283: LDAP Username Case Issue

🔐 Fortinet has observed active abuse of FG-IR-19-283 (CVE-2020-12812) in environments where FortiGate and LDAP username case handling differ. In these configurations, a username entered with any case variation that does not exactly match the local FortiGate entry can bypass local 2FA and instead authenticate via an LDAP group fallback. Administrators should apply the vendor's username case-sensitivity setting or remove unnecessary secondary LDAP groups to block this bypass.

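The decision logic described in the three FG-IR-19-283 items above, as an added Python model; this is not Fortinet code and does not reproduce FortiOS internals. It models a local user record that requires a FortiToken, a directory that matches usernames case-insensitively, and an authentication function whose two knobs stand for the two mitigations the items name: case-insensitive local matching, and removal of the LDAP group fallback. Usernames, passwords and the toy plaintext comparison are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class LocalUser:
    name: str
    password: str          # constructed; a real system stores a hash
    requires_token: bool   # local user is linked to a FortiToken

@dataclass
class Directory:
    """Stand-in for an LDAP server: directories generally match usernames
    case-insensitively, which is the other half of the mismatch."""
    accounts: dict         # lowercase username -> password

    def bind(self, username, password):
        return self.accounts.get(username.lower()) == password

# Constructed records: one local user with 2FA, the same person in LDAP.
LOCAL_USERS = [LocalUser("JohnDoe", "Pa55word", requires_token=True)]
LDAP = Directory({"johndoe": "Pa55word"})

def find_local_user(username, case_sensitive):
    norm = (lambda s: s) if case_sensitive else str.lower
    return next((u for u in LOCAL_USERS if norm(u.name) == norm(username)), None)

def login(username, password, token_ok, *, case_sensitive_local, ldap_group_fallback):
    """Return (granted, path). `path` records which branch made the decision.

    case_sensitive_local=True with ldap_group_fallback=True is the vulnerable
    shape: "johndoe" misses the local entry "JohnDoe" and falls through to the
    LDAP group, which never asks for the token."""
    user = find_local_user(username, case_sensitive_local)
    if user is not None:
        if user.password != password:
            return False, "local:bad-password"
        if user.requires_token and not token_ok:
            return False, "local:token-required"
        return True, "local:2fa"
    # No local match: the secondary LDAP group only checks the directory password.
    if ldap_group_fallback and LDAP.bind(username, password):
        return True, "ldap-group:no-2fa"
    return False, "no-match"

def compare_configurations():
    """Same credentials, no token, under the vulnerable and the two mitigated configs."""
    creds = ("johndoe", "Pa55word", False)
    return {
        "vulnerable":        login(*creds, case_sensitive_local=True,  ldap_group_fallback=True),
        "case_insensitive":  login(*creds, case_sensitive_local=False, ldap_group_fallback=True),
        "no_ldap_fallback":  login(*creds, case_sensitive_local=True,  ldap_group_fallback=False),
    }

if __name__ == "__main__":
    for name, outcome in compare_configurations().items():
        print(f"{name:18} -> {outcome}")
```

Only the vulnerable configuration grants access on the case-varied username without a token; either mitigation alone closes the path, which is why the advisory offers them as alternatives when patching is not possible.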
Over 25,000 FortiCloud SSO Devices Exposed Online

🔒 Shadowserver has identified more than 25,000 Fortinet devices online with FortiCloud SSO enabled, amid active exploitation of a critical authentication bypass (CVE-2025-59718/CVE-2025-59719). Researchers report attackers send malicious SAML messages to perform unauthorized SSO, gain admin-level access, and download system configuration files containing hashed credentials, exposed services, and network details. CISA added the flaw to its list of actively exploited vulnerabilities and ordered U.S. agencies to patch within a week; Fortinet notes FortiCloud SSO is only enabled after device registration, but many management interfaces remain publicly reachable.

Critical AXIS Camera Station and Device Manager Flaws

⚠️ CISA warns of critical vulnerabilities in AXIS Camera Station products, including AXIS Camera Station Pro and AXIS Device Manager. Successful exploitation could allow remote code execution, authentication bypass, man-in-the-middle attacks, or local privilege escalation; CVEs include CVE-2025-30023, -30024, -30025, and -30026 (maximum CVSS v3 base score 9.0). Vendor-identified affected releases are older than Pro 6.9, Camera Station 5.58, and Device Manager 5.32; upgrades to these versions or later are the recommended fixes and administrators should minimize network exposure.

HPE OneView RCE Flaw (CVE-2025-37164) Requires Patch

⚠️ HPE has released patches for a maximum-severity remote code execution vulnerability, CVE-2025-37164, in OneView that affects all versions prior to v11.00. Reported by Nguyen Quoc Khanh (brocked200), the flaw permits unauthenticated, low-complexity code injection leading to RCE on unpatched systems. There are no vendor-provided workarounds or mitigations, so administrators should upgrade to OneView v11.00 or apply the appropriate hotfixes without delay. Separate hotfix packages are available for virtual appliance and Synergy deployments.

Cisco Talos: Libbiosig, Grassroot DiCoM, and step-ca Flaws

🔔 Cisco Talos disclosed multiple vulnerabilities affecting libbiosig, Grassroot DiCoM, and Smallstep step-ca. The issues include stack-based buffer overflows in libbiosig’s MFER parser that may allow arbitrary code execution, several out-of-bounds reads in DiCoM that can leak sensitive data, and an authentication bypass in step-ca enabling unauthorized certificate issuance. Vendors have released patches in accordance with Cisco’s disclosure policy; administrators should apply updates promptly and obtain the latest Snort rule sets to detect exploitation attempts.

FortiGate SSO Vulnerabilities Lead to Credential Theft

🔒 Security researchers and incident response teams warn that threat actors are rapidly exploiting newly disclosed authentication bypass vulnerabilities in Fortinet's FortiOS that affect FortiGate, FortiWeb, FortiProxy and FortiSwitchManager devices. Arctic Wolf reported seeing tens of intrusions since December 12, 2025, and advises that hashed credentials in exfiltrated configurations should be presumed compromised and rotated immediately. CISA has added CVE-2025-59718 to its Known Exploited Vulnerabilities list and Fortinet has released patches; administrators are urged to disable FortiCloud SSO until devices are upgraded and to follow Fortinet's hardening guidance.

Hackers Exploit Fortinet FortiCloud SSO Auth Bypass

🔒 Researchers report active exploitation of two critical FortiCloud SSO authentication bypasses (CVE-2025-59718, CVE-2025-59719) that can grant unauthenticated admin access to multiple Fortinet products. The flaws stem from improper verification of SAML cryptographic signatures, enabling forged assertions to bypass login controls. Attacks observed from December 12 targeted admin accounts and led to exfiltration of system configuration files. Administrators should disable FortiCloud SSO if unable to upgrade and apply vendor patches immediately.

Hitachi Energy RADIUS MD5 Vulnerability (CVE-2024-3596)

⚠️ A critical vulnerability (CVE-2024-3596, CVSS 9.0) in Hitachi Energy AFS/AFR/AFF series RADIUS implementations allows a local attacker to forge valid RADIUS responses by exploiting an MD5 chosen-prefix collision against the response authenticator. Successful exploitation can compromise product data integrity and disrupt availability. Hitachi Energy recommends immediately enabling the RADIUS message authenticator option; vendor-specific CLI commands and MIB objects vary by product family.
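The mechanism and the mitigation in the RADIUS item above, as an added Python example; it is not Hitachi Energy's code and it does not implement the collision attack itself. It builds an Access-Accept the way RFC 2865 and RFC 2869 specify, with the MD5 Response Authenticator and the HMAC-MD5 Message-Authenticator, and shows a client-side check that can refuse responses lacking the latter. The shared secret, packet identifier and User-Name value are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME = 1
MESSAGE_AUTHENTICATOR = 80          # RFC 2869 attribute type
HEADER = struct.Struct("!BBH16s")   # code, identifier, length, authenticator

def build_packet(code, ident, authenticator, attrs):
    """Serialize a RADIUS packet; attrs is a list of (type, value bytes)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return HEADER.pack(code, ident, 20 + len(body), authenticator) + body

def parse_attrs(packet):
    attrs, i = [], 20
    while i < len(packet):
        t, l = packet[i], packet[i + 1]
        attrs.append((t, packet[i + 2:i + l]))
        i += l
    return attrs

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 s.3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Plain MD5 with the secret appended last: this is the value a chosen-prefix
    collision on the attribute bytes can forge without knowing the secret."""
    return hashlib.md5(build_packet(code, ident, request_auth, attrs) + secret).digest()

def message_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2869 s.5.14: HMAC-MD5 keyed with the secret over the packet, with the
    Request Authenticator in the authenticator field and the Message-Authenticator
    value set to sixteen zero octets."""
    zeroed = [(t, b"\x00" * 16 if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    return hmac.new(secret, build_packet(code, ident, request_auth, zeroed), hashlib.md5).digest()

def server_accept(ident, request_auth, attrs, secret):
    """Build an Access-Accept that carries Message-Authenticator (the mitigation)."""
    attrs = [a for a in attrs if a[0] != MESSAGE_AUTHENTICATOR]
    attrs.append((MESSAGE_AUTHENTICATOR, b"\x00" * 16))
    attrs[-1] = (MESSAGE_AUTHENTICATOR, message_authenticator(ACCESS_ACCEPT, ident, request_auth, attrs, secret))
    ra = response_authenticator(ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    return build_packet(ACCESS_ACCEPT, ident, ra, attrs)

def client_verify(packet, request_auth, secret, require_message_authenticator=True):
    """Client-side check of a response. With require_message_authenticator=False a
    response protected only by the MD5 Response Authenticator is accepted, which
    is the surface the collision attack targets."""
    code, ident, length, auth = HEADER.unpack_from(packet)
    if length != len(packet):
        return False
    attrs = parse_attrs(packet)
    if not hmac.compare_digest(response_authenticator(code, ident, request_auth, attrs, secret), auth):
        return False
    found = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if not found:
        return not require_message_authenticator
    expected = message_authenticator(code, ident, request_auth, attrs, secret)
    return len(found[0]) == 16 and hmac.compare_digest(expected, found[0])

def demo(secret=b"constructed-shared-secret", request_auth=None):
    """Exchange one Access-Accept and report how each client policy treats a
    response with and without Message-Authenticator."""
    request_auth = request_auth or os.urandom(16)
    attrs = [(USER_NAME, b"alice")]
    protected = server_accept(7, request_auth, attrs, secret)
    legacy = build_packet(ACCESS_ACCEPT, 7, response_authenticator(ACCESS_ACCEPT, 7, request_auth, attrs, secret), attrs)
    return {
        "protected_strict": client_verify(protected, request_auth, secret),
        "legacy_strict":    client_verify(legacy, request_auth, secret),
        "legacy_lenient":   client_verify(legacy, request_auth, secret, require_message_authenticator=False),
    }

if __name__ == "__main__":
    print(demo())
```

The Response Authenticator is an unkeyed MD5 whose secret is only appended after the attacker-influenced attribute bytes, so an MD5 collision on those bytes survives the unknown suffix and yields a forged response with a matching authenticator. The Message-Authenticator is an HMAC keyed with the shared secret, so an on-path attacker cannot produce it; requiring it on the receiving side (require_message_authenticator=True above) is the client-side counterpart of the vendor option the item recommends enabling.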