< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 13 of 18

Observed Abuse of FG-IR-19-283: LDAP Username Case Issue

🔐 Fortinet has observed active abuse of FG-IR-19-283 (CVE-2020-12812) in environments where FortiGate and LDAP username case handling differ. In these configurations, a username entered with any case variation that does not exactly match the local FortiGate entry can bypass local 2FA and instead authenticate via an LDAP group fallback. Administrators should enable the appropriate username sensitivity setting or remove unnecessary secondary LDAP groups to block this bypass.
read more →

Over 25,000 FortiCloud SSO Devices Exposed Online

🔒 Shadowserver has identified more than 25,000 Fortinet devices online with FortiCloud SSO enabled, amid active exploitation of a critical authentication bypass (CVE-2025-59718/CVE-2025-59719). Researchers report attackers send malicious SAML messages to perform unauthorized SSO, gain admin-level access, and download system configuration files containing hashed credentials, exposed services, and network details. CISA added the flaw to its list of actively exploited vulnerabilities and ordered U.S. agencies to patch within a week; Fortinet notes FortiCloud SSO is only enabled after device registration, but many management interfaces remain publicly reachable.
read more →

Critical AXIS Camera Station and Device Manager Flaws

⚠️ CISA warns of critical vulnerabilities in AXIS Camera Station products, including AXIS Camera Station Pro and AXIS Device Manager. Successful exploitation could allow remote code execution, authentication bypass, man-in-the-middle attacks, or local privilege escalation; CVEs include CVE-2025-30023, -30024, -30025, and -30026 (maximum CVSS v3 base score 9.0). Vendor-identified affected releases are older than Pro 6.9, Camera Station 5.58, and Device Manager 5.32; upgrades to these versions or later are the recommended fixes and administrators should minimize network exposure.
read more →

HPE OneView RCE Flaw (CVE-2025-37164) Requires Patch

⚠️ HPE has released patches for a maximum-severity remote code execution vulnerability, CVE-2025-37164, in OneView that affects all versions prior to v11.00. Reported by Nguyen Quoc Khanh (brocked200), the flaw permits unauthenticated, low-complexity code injection leading to RCE on unpatched systems. There are no vendor-provided workarounds or mitigations, so administrators should upgrade to OneView v11.00 or apply the appropriate hotfixes without delay. Separate hotfix packages are available for virtual appliance and Synergy deployments.
read more →

Cisco Talos: Libbiosig, Grassroot DiCoM, and step-ca Flaws

🔔 Cisco Talos disclosed multiple vulnerabilities affecting libbiosig, Grassroot DiCoM, and Smallstep step-ca. The issues include stack-based buffer overflows in libbiosig’s MFER parser that may allow arbitrary code execution, several out-of-bounds reads in DiCoM that can leak sensitive data, and an authentication bypass in step-ca enabling unauthorized certificate issuance. Vendors have released patches in accordance with Cisco’s disclosure policy; administrators should apply updates promptly and obtain the latest Snort rule sets to detect exploitation attempts.
read more →

FortiGate SSO Vulnerabilities Lead to Credential Theft

🔒 Security researchers and incident response teams warn that threat actors are rapidly exploiting newly disclosed authentication bypass vulnerabilities in Fortinet's FortiOS that affect FortiGate, FortiWeb, FortiProxy and FortiSwitchManager devices. Arctic Wolf reported seeing tens of intrusions since December 12, 2025, and advises that hashed credentials in exfiltrated configurations should be presumed compromised and rotated immediately. CISA has added CVE-2025-59718 to its Known Exploited Vulnerabilities list and Fortinet has released patches; administrators are urged to disable FortiCloud SSO until devices are upgraded and to follow Fortinet's hardening guidance.
read more →

Hackers Exploit Fortinet FortiCloud SSO Auth Bypass

🔒 Researchers report active exploitation of two critical FortiCloud SSO authentication bypasses (CVE-2025-59718, CVE-2025-59719) that can grant unauthenticated admin access to multiple Fortinet products. The flaws stem from improper verification of SAML cryptographic signatures, enabling forged assertions to bypass login controls. Attacks observed from December 12 targeted admin accounts and led to exfiltration of system configuration files. Administrators should disable FortiCloud SSO if unable to upgrade and apply vendor patches immediately.
read more →

Hitachi Energy RADIUS MD5 Vulnerability (CVE-2024-3596)

⚠️ A critical vulnerability (CVE-2024-3596, CVSS 9.0) in Hitachi Energy AFS/AFR/AFF series RADIUS implementations allows a local attacker to forge valid RADIUS responses by exploiting an MD5 chosen-prefix collision against the response authenticator. Successful exploitation can compromise product data integrity and disrupt availability. Hitachi Energy recommends immediately enabling the RADIUS message authenticator option; vendor-specific CLI commands and MIB objects vary by product family.
read more →

FreePBX Fixes Critical SQLi, Upload, AUTH Bypass Flaws

🔒 FreePBX has released patches addressing several high‑severity vulnerabilities, including an authentication bypass that may be triggered when the legacy AUTHTYPE is set to webserver. Horizon3.ai reported authenticated SQL injection flaws and an arbitrary file upload that can be used to deploy a PHP web shell and achieve remote code execution. Administrators should apply the provided updates, ensure Authorization Type is set to usermanager, remove the legacy AUTHTYPE option from Advanced Settings, rotate credentials, and perform forensic checks if legacy settings were enabled.
read more →

SAML Authentication Under New XML Parsing Flaws Exposed

🔓Researchers revealed new XML-parsing exploits that severely weaken SAML-based SSO, demonstrating full authentication bypass against popular Ruby and PHP SAML libraries. PortSwigger researcher Zak Fedotkin presented these techniques at Black Hat Europe and published an open-source toolkit to identify and reproduce affected deployments. The work highlights attack vectors such as attribute pollution, namespace confusion, and a new class of void canonicalization that can circumvent XML signature validation. While fixes (including updates to Ruby-SAML) have been released, Fedotkin warns that only a foundational rework of SAML libraries will eliminate these systemic weaknesses.
read more →

UK Fines LastPass £1.2M Over 2022 Data Breach

🔒 The UK Information Commissioner's Office (ICO) fined LastPass £1.2 million after a 2022 breach that exposed account metadata and encrypted vault backups for up to 1.6 million UK users. The attacker first compromised an employee laptop and development credentials, then exploited a vulnerability in a third‑party streaming app on a senior employee's device to deploy malware, capture a master password, and bypass MFA. Those keys enabled access to cloud backups at GoTo containing customer data. The ICO said vaults were not decrypted but warned weak master passwords are at risk and urged stronger passwords and tighter controls.
read more →

Ivanti EPM XSS Flaw Lets Attackers Hijack Admin Sessions

🔒 Ivanti has released a critical patch for an unauthenticated Cross-Site Scripting (XSS) flaw in EPM that can allow attackers to inject malicious device scan data via the incoming API and execute JavaScript in administrator dashboards, enabling full admin-session takeover. The vendor shipped EPM 2024 SU4 SR1 to address CVE-2025-10573 (CVSS 9.6) and other arbitrary-code and file-write vulnerabilities; Ivanti said it had not observed customer exploitation at disclosure.
read more →

Siemens Energy Services G5 Authentication Bypass Advisory

🔒 Siemens Energy Services Elspec G5 devices (firmware up to 1.2.2.19) contain an authentication bypass that lets an attacker with physical access reset the Admin password by inserting a USB drive with a documented reset string. The flaw is tracked as CVE-2025-59392 (CVSS v4: 7.0; CVSS v3.1: 6.8) and is not remotely exploitable. Siemens recommends updating to V1.2.3.13 or later and following operational security guidance.
read more →

Siemens Gridscale X Prepay: Authentication and Enumeration

🔒 Siemens Gridscale X Prepay versions prior to 4.2.1 contain two remotely exploitable authentication-related vulnerabilities that present low attack complexity. CVE-2025-40806 enables user enumeration via observable response discrepancies, and CVE-2025-40807 permits capture-replay authentication bypass allowing locked-out users to re-establish sessions. Siemens advises contacting local representatives and following SSA-356310 guidance; CISA recommends isolating devices, minimizing network exposure, and using secure remote access methods such as updated VPNs.
read more →

Fortinet warns of critical FortiCloud SSO bypass flaws

⚠️ Fortinet released patches for two critical FortiCloud SSO authentication bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) impacting FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. Attackers can abuse improper cryptographic signature verification in crafted SAML messages to bypass FortiCloud SSO controls. Administrators should disable FortiCloud SSO until devices are patched — either via System -> Settings in the GUI or with the provided CLI command — and apply the vendor firmware updates promptly. Fortinet also fixed related credential and password-hash issues (CVE-2025-59808, CVE-2025-64471).
read more →

Critical Auth Bypass in India-Deployed CCTV Cameras

🔒 CISA reports a critical authentication bypass (CWE-306, CVE-2025-13607) affecting multiple India-deployed CCTV products, including D-Link DCS-F5614-L1. The flaw permits unauthenticated remote retrieval of device configuration and account credentials with low attack complexity and high impact. D-Link has released a software update for the DCS-F5614-L1; users should install the patch, verify firmware versions, and minimize network exposure while seeking guidance from other vendors.
read more →

Sunbird DCIM dcTrack and Power IQ: Critical Flaws (2025)

🔒 CISA warns of two critical vulnerabilities in Sunbird DCIM dcTrack and Power IQ appliances that could enable unauthorized access or credential theft. One is an authentication bypass via alternate remote-access channels (CVE-2025-66238); the other involves hard‑coded/default credentials (CVE-2025-66237) with a CVSS v4 high score of 8.4. Sunbird has released fixes (dcTrack 9.2.3, Power IQ 9.2.1); until systems are updated, CISA recommends restricting SSH and nonessential ports, changing deployment passwords, isolating control networks behind firewalls, and using secure VPNs for remote access.
read more →

MAXHUB Pivot Weak Password Reset Vulnerability Advisory

🚨 A weak password recovery mechanism in MAXHUB Pivot client allows remote attackers to request password resets and potentially take over accounts. MAXHUB reports all Pivot client versions prior to v1.36.2 are affected and has released v1.36.2 to address the issue. CISA assigned CVE-2025-53704 and rates the flaw high severity (CVSS v4 8.7) with low attack complexity. Administrators should apply the update and follow recommended network-segmentation and access controls to reduce exposure.
read more →

Iskra iHUB/iHUB Lite: Unauthenticated Web Interface Alert

🔒 CISA reports a high‑severity Missing Authentication for Critical Function vulnerability (CVE-2025-13510) affecting all versions of Iskra’s iHUB and iHUB Lite smart metering gateways, where the web management interface requires no credentials. With a CVSS v4 base score of 9.3, an unauthenticated remote attacker could reconfigure devices, update firmware, and manipulate connected systems. Iskra did not respond to coordination requests; CISA recommends isolating devices from the Internet, placing them behind firewalls, and using secure remote access methods such as VPNs while recognizing their limitations.
read more →

Microsoft Teams guest access can bypass Defender protections

⚠️ Researchers warn a cross-tenant blind spot in Microsoft Teams can allow attackers to sidestep Microsoft Defender for Office 365 when users accept guest access in another tenant. Protections follow the hosting tenant, not the user's home organization, enabling attackers to create protection-free malicious tenants using low-tier licenses. Organizations should restrict B2B invitations, enable cross-tenant access controls, and train users to reject unsolicited guest invites.
read more →