< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 3 of 18

Dutch police arrest suspect in Ajax app hack

🔒 Dutch police arrested a 35-year-old suspect in Buren for allegedly accessing Ajax football club IT systems, after vulnerabilities in the official Ajax app exposed supporter data. The breach, initially described as affecting a few hundred fans, may have put around 300,000 registered supporters at risk, including email addresses and ticket information. The flaw also allowed manipulation of the club's ban list, potentially harming innocent people, and Ajax says it has patched the vulnerabilities with external help.
read more →

Critical Gogs RCE via Malicious Rebase Branch Name

🔒 A critical Remote Code Execution (RCE) flaw in Gogs, a self-hosted Git service, enables any authenticated user to execute arbitrary commands by creating a pull request with a malicious branch name that injects the --exec flag into git rebase. Rated 9.4 by Rapid7, the bug requires only a registered account on default instances and can be abused without admin privileges or other user interaction. Rapid7 published an exploit module and advises restricting registration and repository creation and auditing rebase merge settings.
read more →

ABB Busch‑Welcome Door Opener: Debug Code Risk

🔒 ABB has identified an authentication bypass in specific Busch‑Welcome 2 Wire Door Opener Actuator versions due to active debug code and a compatibility mode enabled by default. Exploitation could allow unauthorized physical access to buildings where the device is installed. ABB provides an on‑site mitigation: toggle the product mode from "Door‑Open" to "Light" and back, then perform a mains power restart to force recalibration. CISA republishes the vendor advisory and recommends network isolation, minimized exposure, and use of secure remote access methods such as updated VPNs while encouraging organizations to follow ICS security best practices.
read more →

Critical unauthenticated password reset in KMW cameras

🔒 The advisory details a critical vulnerability in KMW CCTV Security Cameras that allows an unauthenticated attacker to reset the administrator password to a known value, granting full access to camera feeds and settings. Vendor firmware (KM-IP421) is available to address the issue, though it may require re-authorizing cloud P2P connections. CISA urges network segmentation, restricted internet access, regular firmware updates, and other defensive measures to reduce exposure.
read more →

Frontier X2 BLE Authentication Vulnerability Alert

🔒 The Frontier X2 wearable and its companion Frontier X mobile app are affected by a vulnerability allowing unauthenticated BLE read/write access to critical GATT characteristics, enabling attackers in range to control device functions and inject fabricated health telemetry. Fourth Frontier is developing a fix; users should contact the vendor for assistance and connect the device to only one app at a time. CISA recommends isolating control networks, minimizing exposure, using secure remote access, and following ICS defensive best practices to reduce exploitation risk.
read more →

Starlette flaw enables auth bypass in FastAPI stacks

🔒 A single malformed character in a web request can allow unauthenticated attackers to bypass access controls in applications built on Starlette, the Python framework behind FastAPI. X41 D‑Sec disclosed the vulnerability (CVE‑2026‑48710) after finding it in a source‑code audit; Starlette’s maintainer released a patch via GitHub. The flaw stems from inconsistent parsing of the Host header when rebuilding request addresses, causing middleware to see a different path than the router. Researchers warn many model‑serving and AI infrastructure components are exposed unless a compliant reverse proxy rejects malformed Host headers.
read more →

Gitea flaw lets unauthenticated users pull private images

🔒 Researchers disclosed a vulnerability in Gitea that allowed unauthenticated remote attackers to pull private container images from affected deployments without credentials. Tracked as CVE-2026-27771, the issue affects all Gitea versions prior to 1.26.2, which contains the fix. Noscope estimates more than 30,000 deployments globally may be impacted, spanning healthcare, aerospace, retail, and ISPs. Users are advised to update to 1.26.2 or enable REQUIRE_SIGNIN_VIEW as a temporary mitigation.
read more →

ABB zenon Remote Transport Missing Authentication

🔒 ABB has identified a vulnerability in affected versions of the ABB Ability™ zenon Remote Transport Service that permits unauthorized use of the Reboot OS function, allowing an attacker to trigger a system reboot without required authentication. Remote exploitation requires prior access to the target network. Vendors report no evidence of active exploitation at this time. Workarounds include restricting network access and disabling the zensyssrv.exe service when Remote Transport is not needed.
read more →

Ubiquiti patches three max-severity UniFi OS flaws

🛡️ Ubiquiti issued updates addressing three maximum-severity vulnerabilities in UniFi OS that allow remote, unauthenticated attackers to modify systems, read files via path traversal, and perform command injection after gaining network access. Additional fixes include another critical command injection and a high-severity information disclosure issue. The flaws were reported via HackerOne and can be exploited with low complexity; Ubiquiti has not confirmed any in-the-wild exploitation. Censys reports nearly 100,000 Internet-exposed UniFi OS endpoints, with about 50,000 in the United States, though it is unclear how many have been remediated.
read more →

Critical Cisco Secure Workload vulnerability demands immediate patch

🔒 A critical vulnerability in the on-premises Cisco Secure Workload platform can let a remote, unauthenticated attacker gain site admin privileges by sending a crafted HTTP request to an internal REST API. Cisco assigned CVE-2026-20223 a CVSS score of 10.0 and says the issue stems from insufficient validation and authentication of REST API access. Only on-prem deployments must act immediately by upgrading to the patched versions; SaaS has already been fixed. Cisco reported no known exploitation in the wild at the time of disclosure.
read more →

Cisco fixes max-severity Secure Workload REST API flaw

🔒 Cisco released patches for a maximum-severity vulnerability in Secure Workload (formerly Tetration) that allowed unauthenticated attackers to gain Site Admin privileges by abusing internal REST APIs. The flaw, tracked as CVE-2026-20223, stems from insufficient validation and authentication of API endpoints and could let attackers read sensitive data and change configurations across tenant boundaries. Cisco provided fixed releases for on-premises deployments and has already remediated the issue in the SaaS offering; no workarounds exist.
read more →

SonicWall VPN MFA Bypass: CVE-2024-12802 Exploits and Risks

🔒 ReliaQuest observed attackers brute-forcing credentials and bypassing MFA on SonicWall Gen6 SSL‑VPN appliances by exploiting CVE-2024-12802, allowing rapid internal access and attempts to deploy Cobalt Strike and a vulnerable driver. SonicWall warns that installing the firmware update alone on Gen6 devices does not fully mitigate the flaw; administrators must manually reconfigure LDAP settings to restore MFA enforcement. Gen7/Gen8 devices are fully remediated by firmware updates.
read more →

CISA Advisory: Multiple Critical Vulnerabilities in ScadaBR

⚠ CISA reports multiple critical vulnerabilities in ScadaBR version 1.2.0, including missing authentication, OS command injection, CSRF, and hard-coded credentials. Successful exploitation could enable unauthenticated remote code execution, root command execution, arbitrary sensor injection, or full administrative access. The vendor did not respond to CISA requests; users should contact ScadaBR support and implement network-level mitigations immediately.
read more →

ZKTeco CCTV Cameras Vulnerability: Auth Bypass Patch

📷 An undocumented configuration export port on certain ZKTeco CCTV camera models permits unauthenticated access to sensitive device information. The exposed data can include running services and camera account credentials, creating a risk of information disclosure and unauthorized access. ZKTeco released a firmware update V5.0.1.2.20260421 to remediate the issue and urges immediate upgrading. CISA recommends minimizing network exposure, using firewalls and segmentation, and restricting Internet access to control devices.
read more →

Microsoft Rejects Azure Backup AKS Vulnerability Report

🔒 A security researcher alleges Microsoft quietly changed Azure Backup for AKS behavior after rejecting his March disclosure and blocking a CVE, arguing the issue required pre-existing administrative access. The reported flaw purportedly allowed a user with only the Backup Contributor role to gain cluster-admin privileges via Trusted Access. Microsoft maintains the behavior was expected and that no product changes were made, yet the researcher observed new permission checks and a shift to manual Trusted Access configuration after disclosure. CERT/CC validated the bug but the CVE process stalled, leaving defenders with limited visibility.
read more →

Cisco warns of exploited SD-WAN authentication bypass

⚠ Cisco has disclosed a maximum-severity authentication bypass in its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms that has been observed exploited in the wild. The flaw lets unauthenticated remote actors craft control-connection requests to bypass peer authentication and gain administrative privileges. Cisco has released updates and urges immediate patching because no workarounds exist. The issue is tracked as CVE-2026-20182 with a CVSS score of 10.0 and was added to CISA’s KEV list.
read more →

Bypassing On-Camera Age Verification Checks and Risks

🔍 This post argues that many on-camera "age verification" schemes are not primarily about keeping minors out but about deanonymizing critics and giving governments a pretext to deny platform access. It notes real-world abuses such as attempts to de-bank protesters and explains why complete failure to exclude minors is unsurprising when that is not the objective. The piece also links related technical developments — from provocative zero-knowledge research to hard drive firmware reverse engineering — that change the threat landscape and raise questions about hardware attestation and vendor control.
read more →

CISA Adds Cisco SD-WAN CVE to KEV; FCEB Remediate Now

🔒 CISA has added CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller, to its Known Exploited Vulnerabilities catalog and requires Federal Civilian Executive Branch agencies to remediate by May 17, 2026. The flaw is rated 10.0 (CVSS) and allows an unauthenticated remote attacker to obtain administrative privileges. Cisco links active exploitation to threat cluster UAT-8616 and advises customers to follow its advisories and mitigation guidance.
read more →

Critical Auth Bypass in Burst Statistics Plugin Patched

🔒 Wordfence disclosed a critical authentication bypass in the Burst Statistics WordPress plugin (CVE-2026-8181) that lets unauthenticated actors impersonate admin users via REST API requests and even create rogue admin accounts. The flaw, introduced in versions 3.4.0 and 3.4.1, misinterprets wp_authenticate_application_password() return values, treating errors or null as successful authentication. Users should upgrade to 3.4.2 or disable the plugin immediately.
read more →

Critical Cisco SD-WAN Controller Zero-Day Exploits

⚠ Cisco warns of an actively exploited authentication bypass in Cisco Catalyst SD-WAN Controller (CVE-2026-20182) rated 10.0, affecting on-premises and SD-WAN Cloud Manager deployments. The vulnerability stems from a peering authentication mechanism that "is not working properly" and can grant high-privileged, non-root administrative access and NETCONF control. Cisco detected exploitation in May, released security updates as the only full remediation, and advises restricting management-plane access and reviewing peering and auth logs for IOCs.
read more →