Skip to main content

Spnego Http Authentication Module

1 CVEs product

Monthly

CVE-2021-21335 CRITICAL PATCH Act Now

In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Nginx Authentication Bypass Spnego Http Authentication Module
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Nginx Authentication Bypass Spnego Http Authentication Module
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy