IBM has disclosed a critical security flaw in API Connect (CVE-2025-13915) that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability affects specific versions and carries a CVSS score of 9.8 out of 10. Users are advised to apply the available fixes promptly or to disable self-service sign-up to mitigate the risk.
QNAP has warned of critical vulnerabilities in its NAS software products that could allow attackers to access devices, including an authentication bypass flaw that can be exploited remotely without authentication. The flaws impact various versions of QNAP's operating systems, and users are recommended to upgrade to specific versions to address the vulnerabilities. NAS devices are often targeted for data theft and extortion, so it's crucial for owners to keep their software updated and avoid exposing these devices to the internet.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of an actively exploited critical security flaw in JetBrains TeamCity On-Premises software, allowing for complete compromise of a server by a remote unauthenticated attacker. The vulnerability, tracked as CVE-2024-27198, has been used by threat actors to deliver ransomware and create rogue user accounts. Users are urged to apply updates immediately, with federal agencies required to patch their instances by March 28, 2024.
Ivanti has disclosed a high-severity security flaw, CVE-2024-22024, affecting its Connect Secure, Policy Secure, and ZTA gateway devices, allowing attackers to bypass authentication. The company has released patches for the affected versions and urges users to apply them promptly, emphasizing the importance of addressing multiple security weaknesses that have surfaced this year. While there is no evidence of active exploitation, users are advised to take swift action due to the potential for broad abuse of these vulnerabilities.
Ivanti has warned of a new authentication bypass vulnerability (CVE-2024-22024) affecting its Connect Secure, Policy Secure, and ZTA gateways, urging immediate patching. The flaw allows remote attackers to access restricted resources without user interaction or authentication. Threat monitoring shows over 20,000 ICS VPN gateways exposed online, with Ivanti devices being heavily targeted in attacks. Security patches for the vulnerabilities were released on January 31, and Ivanti advises customers to factory reset vulnerable appliances before patching to block attackers' persistence.
Fortra warns of a critical authentication bypass vulnerability, CVE-2024-0204, in GoAnywhere MFT versions before 7.4.1, allowing unauthorized creation of admin users. The flaw, discovered in December 2023, could lead to device takeover and data breaches. Fortra advises immediate patching to version 7.4.1 and provides manual mitigation steps. While no active exploitation has been reported, the potential for PoC exploits exists. This follows a previous incident where the Clop ransomware gang exploited a different flaw in GoAnywhere MFT, causing widespread data theft attacks on numerous organizations.
Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that allows attackers to bypass authentication and gain admin privileges. The vulnerability, tracked as CVE-2023-26258, was discovered by security researchers and enables attackers on the local network to access the UDP admin interface by capturing SOAP requests containing AuthUUIDs to obtain valid administrator sessions. Arcserve has released UDP 9.1 to fix the vulnerability and recommends all users upgrade to this version. The flaw could potentially be used by threat actors to destroy data in ransomware attacks.