#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Authentication bypass | Breaking Cybersecurity News | The Hacker News

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

Jun 17, 2024 Router Security / Vulnerability
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080 , the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device," according to a description of the flaw shared by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC). Also patched by the Taiwanese company is a high-severity buffer overflow flaw tracked as CVE-2024-3079 (CVSS score: 7.2) that could be weaponized by remote attackers with administrative privileges to execute arbitrary commands on the device. In a hypothetical attack scenario, a bad actor could fashion CVE-2024-3080 and CVE-2024-3079 into an exploit chain in order to sidestep authentication and execute malicious code on susceptible devices. Both the shor
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Jun 04, 2024 Server Security / Vulnerability
Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358 , carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability," the company said in an advisory. The shortcoming has been addressed in Report Server 2024 Q2 (10.1.24.514). Sina Kheirkhah of Summoning Team, who is credited with discovering and reporting the flaw, described it as a "very simple" bug that could be exploited by a "remote unauthenticated attacker to create an administrator user and login." Besides updating to the latest version, Progress Software is urging cust
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply

Why SaaS Security is Suddenly Hot: Racing to Defend and Comply

Jun 13, 2024SaaS Security / Shadow IT
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don't have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy and practical way to bring visibility and initial control to SaaS sprawl and Shadow AI. These tools now offer incremental upgrades , helping security professionals meet their company budget or maturity level.  Regulatory pressure, SaaS and AI proliferation, and increased risk of breaches or data leaks through 3rd party apps, make SaaS security one of the hottest areas for practitioners to learn and adopt. New regulations will require robust third-party SaaS risk lifecycle management that begins with SaaS service discovery and third-party risk management (TPRM) and ends with the requirement from CISOs to report incidents in their supply chain
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

May 09, 2024 Network Security / Botnet
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous  Mirai botnet . That's according to  findings  from Juniper Threat Labs, which said the vulnerabilities  CVE-2023-46805 and CVE-2024-21887  have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw, CVE-2024-21887 is a command injection vulnerability, thereby allowing an attacker to chain the two into an exploit chain to execute arbitrary code and take over susceptible instances. In the attack chain observed by the network security company, CVE-2023-46805 is exploited to gain access to the "/api/v1/license/key-status/;" endpoint, which is vulnerable to command injection, and inject the payload. As  previously outlined  by Assetnote in their technical deep dive of the CVE-2024-21887, the exploit is triggered by means of a request to "/api/v1/totp/user-backup-code/" to deploy the malware. &quo
cyber security

Start With a Free Risk Assessment to Find, Fix, and Fly Through SaaS Security

websiteWing SecuritySaaS Security / Shadow IT
In just minutes, uncover and take action against hidden SaaS threats with Wing's advanced SSPM solution.
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Apr 18, 2024 Container Security / Cryptocurrency
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which  said  the flaws have been weaponized since the start of April 2024. OpenMetadata is an  open-source platform  that operates as a metadata management tool, offering a unified solution for data asset discovery, observability, and governance. The flaws in question – all discovered and credited to security researcher Alvaro Muñoz – are listed below - CVE-2024-28847  (CVSS score: 8.8) - A Spring Expression Language (SpEL) injection vulnerability in PUT /api/v1/events/subscriptions (fixed in version 1.2.4) CVE-2024-28848  (CVSS score: 8.8) - A SpEL injection vulnerability in GET /api/v1/policies/validation/condition/<expr> (fixed in version 1.2.4) CVE-2024-28253  (CVSS score: 8.8) - A SpEL injection vulnerability in PUT /api/v
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

Mar 08, 2024 Vulnerability / Threat Intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a  complete compromise  of a susceptible server by a remote unauthenticated attacker. It was addressed by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), another moderate-severity authentication bypass flaw that allows for a "limited amount" of information disclosure and system modification. "The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," the company  noted  at the time. Threat actors have been observed weaponizing the twin flaws to de
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Feb 21, 2024 Network Security / Vulnerability
Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a security evaluation of  wpa_supplicant  and Intel's iNet Wireless Daemon ( IWD ), respectively. The flaws "allow attackers to trick victims into connecting to malicious clones of trusted networks and intercept their traffic, and join otherwise secure networks without needing the password," Top10VPN  said  in a new research conducted in collaboration with Mathy Vanhoef, who has previously uncovered Wi-Fi attacks like  KRACK ,  DragonBlood , and  TunnelCrack . CVE-2023-52161, in particular, permits an adversary to gain unauthorized access to a protected Wi-Fi network, exposing exis
Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

Feb 20, 2024 Vulnerability / Network Security
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper limitation of a pathname to a restricted directory aka "path traversal" CVE-2024-1709 (CVSS score: 10.0) - Authentication bypass using an alternate path or channel The company deemed the severity of the issues as critical, citing they "could allow the ability to execute remote code or directly impact confidential data or critical systems." Both the vulnerabilities impact ScreenConnect versions 23.9.7 and prior, with fixes available in version 23.9.8. The flaws were reported to the company on February 13, 2024. While there is no evidence that the shortcomings have been exploited in the wild, users who are running self-hosted or on-premise versions are recommended
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways

Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways

Feb 09, 2024 Vulnerability / Zero Day
Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as  CVE-2024-22024 , is rated 8.3 out of 10 on the CVSS scoring system. "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication," the company  said  in an advisory. The company said it discovered the flaw during an internal review as part of its ongoing investigation into multiple security weaknesses in the products that have come to light since the start of the year, including  CVE-2023-46805, CVE-2024-21887 ,  CVE-2024-21888, and CVE-2024-21893 . CVE-2024-22024 affects the following versions of the products - Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, a
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

Jan 24, 2024 Vulnerability / Endpoint Security
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as  CVE-2024-0204 , the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra  said  in an advisory released on January 22, 2024. Users who cannot upgrade to version 7.4.1 can apply temporary workarounds in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, it's recommended to replace the file with an empty file and restart. Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants have been credited with discovering and reporting the flaw in December 2023. Cybersecurity firm Horizon3.ai, which published a  proof-of-co
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

Jan 19, 2024 Cyber Theat / Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities ( KEV ) catalog, stating it's being actively exploited in the wild. The vulnerability in question is  CVE-2023-35082  (CVSS score: 9.8), an authentication bypass that's a patch bypass for another flaw in the same solution tracked as CVE-2023-35078 (CVSS score: 10.0), which was actively exploited in attacks targeted Norwegian government entities as a zero-day in April 2023. "If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users' personally identifiable information and make limited changes to the server," Ivanti  noted  in August 2023. All versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9 and 11.8, and MobileIron Core 11.7 and below are impacted by the vulnerability. Cyb
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Jan 11, 2024 Vulnerability / Cyber Attack
Cybersecurity researchers have  developed  a proof-of-concept (PoC) code that exploits a  recently disclosed critical flaw  in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is  CVE-2023-51467  (CVSS score: 9.8), a bypass for another severe shortcoming in the same software ( CVE-2023-49070 , CVSS score: 9.8) that could be weaponized to circumvent authentication and remotely execute arbitrary code. While it was fixed in  Apache OFbiz version 18.12.11  released last month, threat actors have been observed attempting to exploit the flaw, targeting vulnerable instances. The latest findings from VulnCheck show that CVE-2023-51467 can be exploited to execute a payload directly from memory, leaving little to no traces of malicious activity. Security flaws disclosed in Apache OFBiz (e.g.,  CVE-2020-9496 ) have been  exploited  by threat actors in the past, including by threat actors associated wit
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

Jan 11, 2024 Cybersecurity / Zero-Day
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which  identified  the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name  UTA0178 . There is evidence to suggest that the VPN appliance may have been compromised as early as December 3, 2023. The two vulnerabilities that have been exploited in the wild to achieve unauthenticated command execution on the ICS device are as follows - CVE-2023-46805  (CVSS score: 8.2) - An authentication bypass vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. CVE-2024-21887  (CVSS score: 9.1) - A command injection vulnerability in web components of Ivanti Connect Secur
Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Dec 27, 2023 Zero-Day / Vulnerability
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as  CVE-2023-51467 , resides in the login functionality and is the result of an incomplete patch for another critical vulnerability ( CVE-2023-49070 , CVSS score: 9.8) that was released earlier this month. "The  security measures  taken to patch CVE-2023-49070 left the root issue intact and therefore the authentication bypass was still present," the SonicWall Capture Labs threat research team, which discovered the bug,  said  in a statement shared with The Hacker News. CVE-2023-49070 refers to a pre-authenticated remote code execution flaw impacting versions prior to 18.12.10 that, when successfully exploited, could allow threat actors to gain full control over the server and siphon sensitive data. It is caused due to a deprecated XML-RPC component within Apache
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

Dec 07, 2023 Mobile Security / Vulnerability
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as  CVE-2023-45866 , the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes," said security researcher  Marc Newlin , who  disclosed  the flaws to the software vendors in August 2023. Specifically, the attack deceives the target device into thinking that it's connected to a Bluetooth keyboard by taking advantage of an "unauthenticated pairing mechanism" that's defined in the Bluetooth specification. Successful exploitation of the flaw could permit an adversary in close physical proximity to connect to a vulnerable device and trans
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Nov 15, 2023 Network Securit / Vulnerability
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as  CVE-2023-34060  (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console)," the company  said  in an alert. "This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present." The virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by  CVE-2023-34060 . Dustin Hartle from IT solutions provider Idea
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

Nov 14, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical
CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities

CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities

Oct 05, 2023 Vulnerability / Cyber Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday  added  two security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below - CVE-2023-42793  (CVSS score: 9.8) - JetBrains TeamCity Authentication Bypass Vulnerability CVE-2023-28229  (CVSS score: 7.0) - Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability CVE-2023-42793 relates to a  critical authentication bypass vulnerability  that allows for remote code execution on TeamCity Server. Data gathered by GreyNoise has revealed exploitation attempts targeting the flaw from  74 unique IP addresses  to date. On the other hand, CVE-2023-28229 is a  high-severity flaw  in the Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service that allows an attacker to gain specific limited SYSTEM privileges. There are curren
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

Feb 16, 2023 Critical Infrastructure / Cybersecurity
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as  CVE-2022-45788  (CVSS score: 7.5) and  CVE-2022-45789  (CVSS score: 8.1), are part of a  broader collection  of  security defects  tracked by Forescout as OT:ICEFALL. Successful exploitation of the bugs could enable an adversary to execute unauthorized code, denial-of-service, or disclosure of sensitive information. The cybersecurity company said the shortcomings can be chained by a threat actor with known flaws from other vendors (e.g.,  CVE-2021-31886 ) to achieve deep lateral movement in operational technology (OT) networks. "Deep lateral movement lets attackers gain deep access to industrial control systems and cross often overlooked security perimeters, allowing them to perform highly granular and stealthy manipulations as well as override funct
Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Nov 10, 2022
Citrix has released  security updates  to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations. CVE-2022-27510  - Unauthorized access to Gateway user capabilities CVE-2022-27513  - Remote desktop takeover via phishing CVE-2022-27516  - User login brute-force protection functionality bypass The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws - Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47  Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12  Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21 Citrix ADC 12.1-FIPS before 12.1-55.289 Citrix ADC 12.1-NDcPP before 12.1-55.289 Exploitation, howe
VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

Nov 09, 2022
VMware has patched five security flaws affecting its  Workspace ONE Assist  solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application. CVE-2022-31686 has been described by the virtualization services provider as a "broken authentication method" vulnerability, and CVE-2022-31687 as a "Broken Access Control" flaw. "A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application," VMware  said  in an advisory for CVE-2022-31686 and CVE-202
Expert Insights
Cybersecurity Resources