Sast
Monthly
Kiuwan SAST fails to properly enforce SSO login authorization for locally disabled user accounts, permitting disabled users to maintain application access through single sign-on mechanisms. This affects Kiuwan Cloud and Kiuwan SAST on-premise (KOP) versions prior to 2.8.2509.4, enabling authenticated attackers with prior credentials to bypass account disablement controls. An attacker whose account has been disabled by administrators can re-authenticate via SSO and regain unauthorized access to the system.
Kiuwan SAST fails to properly enforce SSO login authorization for locally disabled user accounts, permitting disabled users to maintain application access through single sign-on mechanisms. This affects Kiuwan Cloud and Kiuwan SAST on-premise (KOP) versions prior to 2.8.2509.4, enabling authenticated attackers with prior credentials to bypass account disablement controls. An attacker whose account has been disabled by administrators can re-authenticate via SSO and regain unauthorized access to the system.