< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 12 of 18

Siemens Industrial Edge Authorization Bypass Vulnerability

🔒 Siemens and CISA report an authorization bypass in multiple Siemens Industrial Edge and related devices (CVE-2025-40805) that can allow an unauthenticated remote attacker who knows a legitimate user's identity to impersonate that user. Siemens has released firmware and software updates for many affected models and is preparing additional fixes. Where updates are not yet available, Siemens and CISA advise network isolation, minimizing internet exposure, use of secure remote access (VPNs), and other compensating controls to limit risk.
read more →

Siemens Industrial Edge Device Kit: Authorization Bypass

🔒 Users of Siemens Industrial Edge Device Kit should apply updates immediately. CISA reports an authorization bypass (CVE-2025-40805) that enables unauthenticated attackers to impersonate legitimate users by abusing unsecured API endpoints; the issue is rated CVSS v3.1 10.0. Siemens has published patches for multiple arm64 and x86-64 builds (for example V1.24.2 and V1.25.1) and advises restricting network access where fixes are not yet available.
read more →

YoSmart YoLink Vulnerabilities Affect Server, Hub, App

🔒 CISA reported several vulnerabilities in the YoSmart YoLink ecosystem impacting the cloud server, Smart Hub, and mobile application. Exploitation could let attackers remotely control other users' devices, intercept unencrypted MQTT traffic, and hijack sessions. YoSmart pushed server-side fixes and will deliver a hub firmware update over-the-air; users should update the YoLink mobile app to 1.40.45 or later.
read more →

ServiceNow Patches Critical Flaw in AI Platform — Oct 2025

🔒 ServiceNow has released fixes for a critical flaw in its ServiceNow AI Platform that could allow an unauthenticated actor to impersonate other users and perform arbitrary actions. Tracked as CVE-2025-12420 with a CVSS score of 9.3, the issue was addressed on October 30, 2025 and deployed to the majority of hosted instances. Patches were also shared with partners and self-hosted customers; administrators are advised to apply updates promptly to mitigate risk.
read more →

Amazon MQ Adds mTLS Certificate Authentication for RabbitMQ

🔐 Amazon MQ now supports certificate-based authentication for RabbitMQ brokers using mutual TLS (mTLS). The new capability lets brokers running RabbitMQ 4.2 and later use the auth_mechanism_ssl plugin, configured via the broker's configuration file. To enable it, create a new RabbitMQ 4.2 broker (M7g instance type) and update the configuration; the feature is available in all regions where Amazon MQ RabbitMQ 4 instances are offered.
read more →

ThreatsDay: Weekly roundup — hacks, vulnerabilities, trends

🛡️ This week's ThreatsDay highlights a critical RustFS gRPC authentication flaw with a hard-coded token (CVSS 9.8) that allowed network attackers to perform privileged operations and was patched in 1.0.0-alpha.78. Other notable stories include GeoServer-based XMRig miners, an evolution in Iran-linked MuddyWater custom backdoors, a surge in Taiwanese infrastructure attacks, and CISA's KEV catalog expansion. Organizations should apply patches, enable MFA, and monitor credentials and exposed services.
read more →

Microsoft Exchange Online outage affects IMAP4 access

⚠ Microsoft is investigating an Exchange Online outage (EX1215307) that intermittently prevents users from accessing mailboxes via IMAP4. Microsoft attributes the disruption to a recent IMAP deployment that introduced a code conflict and authentication misconfiguration, and says a configuration fix has been deployed and is being rolled out. Other connection methods are not affected, and Microsoft advises retries may restore access while the update completes.
read more →

Cisco patches XML parsing flaw in ISE and Snort 3 software

🔒 Cisco has issued updates to address a medium-severity XML parsing vulnerability (CVE-2026-20029, CVSS 4.9) in Identity Services Engine (ISE) and ISE Passive Identity Connector. The flaw in the licensing feature allows an authenticated administrator to upload a crafted file and read arbitrary files from the underlying operating system. Cisco lists specific fixed releases and patches (pre-3.2 must migrate; 3.2/3.3/3.4 have patches; 3.5 not vulnerable), reports no workaround, and acknowledges a public PoC while noting no known in-the-wild exploitation. The advisory also includes fixes for two Snort 3 DCE/RPC issues affecting multiple Cisco products.
read more →

Maximum-severity Ni8mare bug enables n8n server takeover

🔴 Security researchers disclosed a critical vulnerability in the AI workflow automation platform n8n—dubbed “Ni8mare” (CVE-2026-21858)—with a CVSS score of 10.0 that allows remote, unauthenticated attackers to read files and potentially achieve code execution on local instances. The flaw arises from improper webhook parsing of the Content-Type header, letting adversaries control file metadata and local file paths. n8n has issued a patch; users should upgrade to 1.121.0 or later as there are no official workarounds.
read more →

Cisco patches ISE flaw after PoC exploit released; update

🔒 Cisco has released patches for an Identity Services Engine (ISE) XML-parsing vulnerability tracked as CVE-2026-20029 that can be abused by remote attackers with valid administrative credentials. The flaw in ISE and ISE Passive Identity Connector allows a crafted XML upload to read arbitrary files on the host. Cisco notes a public proof-of-concept is available and urges customers to upgrade to patched releases rather than rely on temporary mitigations.
read more →

Amazon MQ Adds HTTP-Based Auth for RabbitMQ Brokers

🔐 Amazon MQ now supports delegating RabbitMQ authentication and authorization to an HTTP endpoint. The capability is provided as a plugin for RabbitMQ 4.2 and later on Amazon MQ and is enabled by updating the broker configuration file. When provisioning, choose RabbitMQ 4.2 with the m7g instance type via the AWS Console, CLI, or SDKs, then edit the configuration to enable the plugin. The feature is available in all regions where Amazon MQ RabbitMQ 4 instances are offered.
read more →

Unpatched EX200 Flaw Lets Authenticated Users Trigger Telnet

⚠ An unpatched firmware error in the TOTOLINK EX200 wireless range extender can cause the device to start an unauthenticated root-level telnet service when specific malformed firmware files are processed. CERT/CC (CVE-2025-65606) says exploitation requires an attacker to be authenticated to the web management interface to reach the firmware-upload handler, which can then enter an abnormal error state. The vendor has not issued a patch and the product is no longer actively maintained; users are advised to restrict administrative access and consider upgrading to a supported model.
read more →

Thousands of FortiGate Firewalls Still Exposed to 2020 Flaw

🔒 Bleeping Computer reports that attackers are actively exploiting an older FortiOS vulnerability, CVE-2020-12812, which can bypass two-factor authentication. Although Fortinet issued a patch in July 2020, researchers say at least 10,000 FortiGate firewalls remain unpatched. Administrators are urged to install the latest updates immediately to mitigate account access risks. Additional measures include restricting administrative access, rotating credentials, and monitoring logs for suspicious activity.
read more →

10,000+ Fortinet Firewalls Exposed to 2FA Bypass Worldwide

⚠ Administrators continue to find more than 10,000 internet-exposed Fortinet firewalls vulnerable to an active two-factor authentication bypass (CVE-2020-12812) that was patched in July 2020. The flaw in FortiOS SSL VPN permits login without a second factor when username case is altered; Fortinet advised disabling username case sensitivity as a mitigation. Shadowserver reports over 1,300 affected IPs in the U.S. — network owners should patch, apply mitigations, and audit LDAP-dependent management interfaces immediately.
read more →

Critical IBM API Connect Flaw Allows Authentication Bypass

🔒 IBM is urging customers to quickly apply interim fixes for a critical authentication-bypass vulnerability in IBM API Connect (CVE-2025-13915) that affects versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The flaw can allow unauthorized access to exposed applications without user interaction and stems from a broken architectural assumption that traffic passing the gateway guarantees identity enforcement (CWE-305). IBM has published platform-specific interim fixes and advises disabling self-service sign-up on Developer Portals if patches cannot be applied; administrators must also remove image overrides when upgrading to avoid persistent shadow state.
read more →

IBM Alerts: Critical API Connect Authentication Bypass

🔒 IBM has disclosed a critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 with a CVSS score of 9.8. The flaw could allow remote attackers to gain unauthorized access to the application. Affected releases include 10.0.8.0–10.0.8.5 and 10.0.11.0. IBM advises downloading the interim fix from Fix Central and, if immediate patching is not possible, disabling Developer Portal self-service sign-up as a temporary mitigation.
read more →

IBM warns of critical API Connect auth bypass — patch now

🔒 IBM urged customers to patch a critical authentication bypass in its API Connect platform that could allow attackers to access applications remotely. Tracked as CVE-2025-13915 and rated 9.8/10, the flaw affects versions 10.0.11.0 and 10.0.8.0–10.0.8.5. Exploitation is low-complexity and requires no user interaction. IBM recommends upgrading to the latest release and offers interim mitigations, including disabling self-service sign-up on the Developer Portal.
read more →

Critical Bluetooth Authentication Flaw in WHILL Wheelchairs

🔒 WHILL Inc. electric wheelchairs (Model C2 and Model F) are affected by a critical Bluetooth authentication vulnerability, CVE-2025-14346, that allows an attacker within wireless range to pair without credentials and issue movement and configuration commands. The flaw is rated CVSS 3.1 9.8 (CRITICAL) and is classified as CWE-306 Missing Authentication for Critical Function. WHILL deployed mitigations on 29 December 2025 that restrict unlock commands during motion, protect speed profiles, and obfuscate application JSON configuration files on Android and iOS.
read more →

Fortinet warns: 5-year-old FortiOS 2FA bypass exploited

🔒 Fortinet warns that attackers continue to exploit a critical FortiOS vulnerability (CVE-2020-12812) that can bypass two-factor authentication on FortiGate SSL VPNs by changing the case of the username. The issue affects configurations where local users requiring FortiToken are linked to LDAP groups and stems from inconsistent case-sensitive matching between local and remote authentication. Fortinet patched the bug in July 2020 and advised disabling username case sensitivity or removing secondary LDAP group fallbacks if patches cannot be deployed; the vendor reports ongoing abuse against appliances with LDAP configured.
read more →

Fortinet: Active Exploitation of SSL VPN Auth Bypass

⚠️ Fortinet warned on December 24, 2025 that attackers are actively abusing a five‑year‑old FortiOS SSL VPN flaw, CVE-2020-12812 (CVSS 5.2), to bypass two‑factor authentication under specific configurations. The issue stems from inconsistent case sensitivity between FortiGate local users and LDAP directories: if a username's case does not exactly match the local entry, FortiGate may fall back to LDAP and accept credentials without 2FA. Fortinet reiterated prior patches and published configuration mitigations and commands to disable username case sensitivity, and advised customers to contact support and reset credentials if unauthorized 2FA bypass is detected.
read more →