Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache Shiro authentication bypass - Vulnerability Database

Apache Shiro authentication bypass

Description

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password and session management.

Apache Shiro before 1.7.1 (when used with Spring), is vulnerable to an authentication bypass vulnerability that allows an attacker to bypass authentication using a specially crafted HTTP request .

Remediation

Uprade to the latest version of Apache Shiro.

References

Apache Shiro Vulnerability Reports
CVE-2020-17523 Apache Shiro authentication bypass analysis

Related Vulnerabilities

Microsoft ASP.NET Forms authentication bypass High
Common tags: Authentication Bypass
WordPress Plugin Thrive Headline Optimizer Security Bypass (1.3.7.2) High
Common tags: Authentication Bypass
WordPress Plugin Ultimate GDPR & CCPA Compliance Toolkit for WordPress Security Bypass (2.4) High
Common tags: Authentication Bypass
WordPress Plugin BuddyPress Multiple Security Bypass Vulnerabilities (7.2.0) High
Common tags: Authentication Bypass
WordPress Plugin Controlled Admin Access Security Bypass (1.4.0) High
Common tags: Authentication Bypass

Severity

High

Classification

CVE-2020-17523
CWE-287
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass