Authentication Bypass
Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications.
How It Works
Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications. Instead of cracking passwords through brute force, attackers manipulate the authentication process itself to gain unauthorized entry. This typically occurs through one of several pathways: exploiting hardcoded credentials embedded in source code or configuration files, manipulating parameters in authentication requests to skip verification steps, or leveraging broken session management that fails to properly validate user identity.
The attack flow often begins with reconnaissance to identify authentication endpoints and their underlying logic. Attackers may probe for default administrative credentials that were never changed, test whether certain URL paths bypass login requirements entirely, or intercept and modify authentication tokens to escalate privileges. In multi-step authentication processes, flaws in state management can allow attackers to complete only partial verification steps while still gaining full access.
More sophisticated variants exploit single sign-on (SSO) or OAuth implementations where misconfigurations in trust relationships allow attackers to forge authentication assertions. Parameter tampering—such as changing a "role=user" field to "role=admin" in a request—can trick poorly designed systems into granting elevated access without proper verification.
Impact
- Complete account takeover — attackers gain full control of user accounts, including administrative accounts, without knowing legitimate credentials
- Unauthorized data access — ability to view, modify, or exfiltrate sensitive information including customer data, financial records, and intellectual property
- System-wide compromise — admin-level access enables installation of backdoors, modification of security controls, and complete infrastructure takeover
- Lateral movement — bypassed authentication provides a foothold for moving deeper into networks and accessing additional systems
- Compliance violations — unauthorized access triggers breach notification requirements and regulatory penalties
Real-World Examples
CrushFTP suffered a critical authentication bypass allowing attackers to access file-sharing functionality without any credentials. The vulnerability enabled direct server-side template injection, leading to remote code execution on affected systems. Attackers actively exploited this in the wild to establish persistent access to enterprise file servers.
Palo Alto's Expedition migration tool contained a flaw permitting attackers to reset administrative credentials without authentication. This allowed complete takeover of the migration environment, potentially exposing network configurations and security policies being transferred between systems.
SolarWinds Web Help Desk (CVE-2024-28987) shipped with hardcoded internal credentials that could not be changed through normal administrative functions. Attackers discovering these credentials gained full administrative access to helpdesk systems containing sensitive organizational information and user data.
Mitigation
- Implement multi-factor authentication (MFA) — requires attackers to compromise additional verification factors beyond bypassed primary authentication
- Eliminate hardcoded credentials — use secure credential management systems and rotate all default credentials during deployment
- Enforce authentication on all endpoints — verify every request requires valid authentication; no "hidden" administrative paths should exist
- Implement proper session management — use cryptographically secure session tokens, validate on server-side, enforce timeout policies
- Apply principle of least privilege — limit damage by ensuring even authenticated users only access necessary resources
- Regular security testing — conduct penetration testing specifically targeting authentication logic and flows
Recent CVEs (7710)
NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.02.06 before v2.02.06. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.06.04 before v1.06.06. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. Rated high severity (CVSS 7.5). No vendor patch available.
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels.4.23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels.117.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels.8.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels.4.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels.3.0. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels.6.4.574. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.15.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels.7.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.
Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.02.14 before v1.02.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Post SMTP - WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications - Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.03.01 before v2.05.01. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.03.01 before v2.05.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing.02.02 before v2.05.01. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability was found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.02.08 before v1.02.08. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure.02.07 before v1.02.08. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.09.03 before v1.11.01. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure.09.02 before v1.11.01. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Lack of authorisation in Deporsite by T-INNOVA. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Lack of authorisation in Deporsite by T-INNOVA. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.
A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Rated low severity (CVSS 1.8). No vendor patch available.
A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A vulnerability has been found in xujeff tianti 天梯 up to 2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.05.07 before v1.05.12. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Rated low severity (CVSS 1.8). No vendor patch available.
A vulnerability was found in RemoteClinic up to 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in RemoteClinic up to 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Delta Electronics DIAView has an authentication bypass vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was determined in Tenda AC9 15.03.05.19. Rated low severity (CVSS 2.0). No vendor patch available.
A vulnerability was identified in Cudy LT500E up to 2.3.12. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.
Missing Authorization vulnerability in Hamid Alinia Login with phone number.6.93. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.5.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Centurion ERP is an ERP with a focus on ITSM and automation. Rated low severity (CVSS 1.9), this vulnerability is low attack complexity.
Eventlet is a concurrent networking library for Python. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.
Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper authentication vulnerability has been reported to affect VioStor. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.8 patch 3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.
Quick Facts
- Typical Severity
- CRITICAL
- Category
- auth
- Total CVEs
- 7710