libc in OpenBSD allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
Tag: Authentication Bypass
ASA-2019-00242 – Dell EMC iDRAC: WS-MAN Authentication Bypass Vulnerability
A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.
ASA-2019-00241 – Dell EMC iDRAC: Web Interface Authentication Bypass Vulnerability
A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.
ASA-2019-00226 – Symfony: Add a separator in the remember me cookie hash
This fixes situations where part of an expiry time in a cookie could be considered part of the username, or part of the username could be considered part of the expiry time. An attacker could modify the remember me cookie and authenticate as a different user. This attack is only possible if remember me functionality is enabled and the two users share a password hash or the password hashes (e.g. UserInterface::getPassword()) are null for all users (which is valid if passwords are checked by an external system, e.g. an SSO).
ASA-2019-00185 – Magento: Unauthorized data control due to a bypass of authentication controls for a customer using a web API endpoint
An authenticated customer can control other customer's requisition lists by using a web API endpoint to send a request to the server. (This overrides the customer_id parameter).
ASA-2019-00184 – Magento: Unauthorized implementation due to bypassing the need for administrator authentication approval on B2B accounts
An authenticated user can create a B2B account without administrative approval due to an authentication bypass vulnerability.
ASA-2018-00067 – PolicyKit: Improper handling of user with uid > INT_MAX leading to authentication bypass
It was discovered that incorrect processing of very high UIDs in PolicyKit, a framework for managing administrative policies and privileges, could result in authentication bypass.