
All news with #authentication bypass tag


Google strengthens Android theft protection features

🔒 Google has introduced stronger authentication safeguards and enhanced recovery tools to make smartphones harder targets for thieves. The update adds granular controls for Failed Authentication Lock, expands Identity Check to protect all apps using the Android Biometric Prompt (including Google Password Manager and third‑party banking apps), and introduces longer lockout times to slow guessing attempts. Remote Lock now offers an optional security challenge to verify ownership, and for new devices in Brazil, Google will enable Theft Detection Lock and Remote Lock by default. Authentication safeguards require Android 16+; recovery tools require Android 10+.

SolarWinds Fixes Critical Web Help Desk Vulnerabilities

⚠️ SolarWinds has released updates for Web Help Desk to address multiple high‑severity vulnerabilities, including four critical flaws that can enable authentication bypass and remote code execution. Affected issues include deserialization and hard‑coded credential bugs tracked as CVE‑2025‑40536 through CVE‑2025‑40554. Rapid7 highlights that the deserialization flaws are particularly exploitable without authentication. SolarWinds fixed the issues in WHD 2026.1 and customers are urged to upgrade immediately.

SolarWinds WHD Critical RCE and Auth Bypass Flaws Revealed

⚠️ SolarWinds has issued emergency updates for Web Help Desk (WHD) to patch six vulnerabilities—four rated critical—that include unauthenticated data deserialization RCEs and authentication bypasses. Researchers from watchTowr and Horizon3.ai disclosed the flaws, which could let attackers execute commands, access protected functions, or leverage hardcoded credentials. Administrators should upgrade to WHD 2026.1 immediately and investigate any anomalous activity on affected servers.

SolarWinds Patches Critical Web Help Desk RCE and Bypass

🔒 SolarWinds released updates for Web Help Desk to address critical authentication bypass and remote code execution vulnerabilities, including CVE-2025-40551, CVE-2025-40552 and CVE-2025-40553. Reported by researchers at watchTowr and Horizon3.ai, the flaws allow unauthenticated attackers to bypass authentication and execute commands via deserialization and other vectors. Administrators should upgrade to Web Help Desk 2026.1 immediately to mitigate risk.

Fortinet guidance: ongoing CVE-2026-24858 SSO bypass

🔒 Fortinet released guidance after disclosure of CVE-2026-24858, an authentication bypass in FortiCloud single sign-on (SSO) that can allow an attacker with a FortiCloud account to access devices registered to other users. The flaw affects multiple products including FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer. Fortinet temporarily disabled FortiCloud SSO on Jan. 26, 2026 and restored the service with mitigations on Jan. 27; CISA added the CVE to its KEV Catalog and urges operators to check for indicators of compromise and apply vendor updates immediately.

WhatsApp Launches Strict Account Settings Lockdown

🔒 Meta has begun rolling out a new WhatsApp feature called Strict Account Settings that provides lockdown-style protections for journalists, public figures, and other high-risk users. The option, enabled only from a user's primary device under Settings > Privacy > Advanced, enforces the strictest privacy controls, including mandatory two-step verification and blocking media and calls from unknown senders. It also hides profile data, disables link previews, and limits features that could expose users to sophisticated spyware. Meta said the feature is intended for the small number of users who face targeted, high-risk campaigns.

Critical FortiCloud SSO Zero-Day Forces Emergency Fix

⚠️ Fortinet disclosed a critical authentication-bypass zero-day (CVE-2026-24858) that affects FortiCloud SSO and can let attackers compromise FortiGate, FortiManager, and FortiAnalyzer devices. The vendor temporarily disabled FortiCloud SSO globally on Jan 26 to stop active exploitation and re-enabled it Jan 27 with server-side blocking that prevents logins from vulnerable firmware. FortiOS 7.4.11 is available and additional patched releases are being rolled out; most fixes are still listed as "upcoming."

Fortinet fixes FortiOS SSO bypass in active exploitation

🔒 Fortinet has released security updates to address a critical authentication bypass (CVE-2026-24858) affecting FortiOS, FortiManager, and FortiAnalyzer. The flaw allows a FortiCloud account with a registered device to access other devices when FortiCloud SSO is enabled, enabling creation of local admin accounts and configuration changes. Fortinet locked malicious FortiCloud accounts, temporarily disabled SSO, and urges customers to update firmware, audit configurations, and rotate credentials.

Fortinet blocks exploited FortiCloud SSO zero-day; patch due

🔒 Fortinet confirmed a critical FortiCloud SSO authentication bypass (CVE-2026-24858) actively exploited to gain administrative access to customer devices. The company has implemented server-side mitigations that block SSO logins from vulnerable firmware versions while patches for FortiOS, FortiManager, and FortiAnalyzer are developed. Administrators are advised to review accounts and credentials; disabling SSO remains an optional mitigation.

6,000+ SmarterMail Servers Exposed to Hijacking Attacks

🔒 Shadowserver has identified over 6,000 internet-exposed SmarterMail servers likely vulnerable to a critical authentication bypass that enables unauthenticated attackers to hijack administrator accounts. The issue was reported to SmarterTools on January 8 and patched in build 9511 on January 15; it was later assigned CVE-2026-23760. A permissive force-reset-password endpoint accepts anonymous requests and fails to verify the existing password or a reset token, allowing an attacker who knows an administrator username to reset credentials and achieve full administrative compromise and potential remote code execution. Organizations should confirm they have applied the vendor update or recommended mitigations and audit logs for unauthorized resets or other indicators of compromise.

CISA Adds Fortinet Authentication Bypass CVE to KEV Catalog

🔒 CISA added CVE-2026-24858 to its Known Exploited Vulnerabilities (KEV) Catalog for a Fortinet Multiple Products Authentication Bypass that leverages an alternate path or channel. The agency reports evidence of active exploitation and characterizes this class of flaw as a frequent and serious attack vector. Under BOD 22-01, federal agencies must remediate KEV entries by their due dates; CISA strongly urges all organizations to prioritize timely remediation, apply vendor patches, implement compensating controls, and monitor for indicators of compromise.

Fortinet confirms new zero-day targeting SAML SSO on devices

🔒 Fortinet has confirmed a new attack campaign that exploits an unpatched zero-day vulnerability to bypass authentication across SAML SSO implementations, including FortiCloud SSO. The activity, observed in mid-January, involves extraction of firewall configurations and creation of administrative and VPN-capable accounts. Fortinet is working on a fix and recommends updating to the latest releases, restoring clean backups, rotating all credentials, disabling FortiCloud SSO administrative logins, and restricting administrative access to trusted subnets.

Critical Telnetd Auth Bypass in GNU InetUtils Exploited

⚠️ A coordinated campaign is exploiting a critical authentication-bypass flaw in the GNU InetUtils telnetd server, tracked as CVE-2026-24061. The bug, present since 2015, lets attackers set the USER environment variable (for example USER=-f root) to bypass /usr/bin/login and obtain a root shell. Patches are in InetUtils 2.8; mitigations include disabling telnetd or blocking TCP port 23. GreyNoise observed limited, mostly automated exploitation activity and recommends immediate patching and hardening.

Fortinet: Active FortiCloud SSO Bypass on Patched FortiGate

🔒 Fortinet confirmed active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate firewalls. The vendor said attackers exploited a new attack path that can circumvent patches addressing CVE-2025-59718 and CVE-2025-59719 by using crafted SAML messages when FortiCloud SSO is enabled. Observed activity includes creation of generic admin accounts, configuration changes to enable VPN access, and configuration exfiltration. Fortinet recommends restricting internet-facing administrative access and disabling the admin-forticloud-sso-login feature while a full remediation is finalized.

Fortinet confirms FortiCloud SSO auth bypass remains unpatched

⚠️ Fortinet confirmed it is still addressing a critical FortiCloud SSO authentication bypass (CVE-2025-59718) after reports that attackers are able to bypass patches and compromise fully updated firewalls. Security firm Arctic Wolf says automated attacks beginning January 15 created VPN-access admin accounts and quickly exfiltrated firewall configurations. Fortinet advises disabling FortiCloud SSO, restricting administrative access with a local-in policy, and treating affected systems as compromised while a full fix is developed.

Trivial Telnet Auth Bypass Enables Complete Device Takeover

🔓 A trivial authentication bypass in the inetutils telnet server (CVE-2026-24061) lets attackers gain root by abusing the USER environment variable. Telnetd forwards the USER value to /usr/bin/login, so sending USER='-f root' with telnet's -a/--login option causes an automatic root login (e.g., USER='-f root' telnet -a [host_ip]). The flaw has existed for about 11 years, so many legacy and IoT devices are likely affected. Apply the vendor/distribution patch immediately or disable Telnet and restrict access to whitelisted IPs.

SmarterMail auth bypass exploited to hijack admins

🔒 An authentication bypass in SmarterTools SmarterMail allows unauthenticated actors to reset system administrator passwords via the publicly exposed 'force-reset-password' API endpoint. The endpoint accepts attacker-controlled JSON and an IsSysAdmin flag that, when set to true, triggers admin password reset logic without verifying the old password. watchTowr reported the issue on January 8 and SmarterMail released Build 9511 on January 15; researchers observed exploitation within days. Administrators should apply the update immediately to prevent full account takeover.

Critical GNU InetUtils telnetd Flaw Allows Root Login

🔐 A critical vulnerability in GNU InetUtils telnetd (CVE-2026-24061) enables remote attackers to bypass authentication and gain root access by supplying a crafted USER environment string. The flaw, present in releases 1.9.3 through 2.7, occurs because telnetd forwards an unvalidated USER value to /usr/bin/login, which interprets "-f root" as an authentication bypass. Administrators should apply patches or disable telnetd until updates are installed.

Appsmith authentication flaw enables account takeovers

🔒 A critical authentication vulnerability (CVE-2026-22794) in the Appsmith low-code platform allowed attackers to manipulate password reset links by supplying a malicious HTTP Origin header, causing reset tokens to be redirected to attacker-controlled infrastructure. Exploitation can lead to full account takeover, including administrator access. The flaw affects Appsmith 1.92 and earlier and was corrected in 1.93; internet scans identified 1,666 publicly accessible instances.

RealHomes CRM Plugin Flaw Patched After Site Takeovers

⚠️ A critical flaw in the RealHomes CRM WordPress plugin—bundled with the widely used RealHomes theme and present on more than 30,000 sites—allowed any logged-in user with Subscriber access or higher to upload arbitrary files via a CSV import. Assigned CVE-2025-67968, the bug affected versions 1.0.0 and earlier and could lead to full site takeover. Developers released v1.0.1, adding a current_user_can check and file-type validation via wp_check_filetype; users should update immediately.