tldrdailynews.com logo
Tag

Authentication Bypass

All articles tagged with #authentication bypass

Admin Access Wipeout: Burst Statistics Plugin Flaw Exposes WordPress to Takeover
cybersecurity7 days ago

Admin Access Wipeout: Burst Statistics Plugin Flaw Exposes WordPress to Takeover

A critical vulnerability in the Burst Statistics WordPress plugin (versions 3.4.0–3.4.1.1, CVE-2026-8181) allows unauthenticated attackers to bypass authentication and impersonate an administrator via crafted REST API requests, potentially creating a new admin account and taking over a site. Discovered May 8, 2026 by Wordfence’s PRISM, it was patched in version 3.4.2 on May 12, 2026. The flaw stems from improper handling of authentication in the MainWP integration, enabling exploitation across REST endpoints. admins should immediate patch to 3.4.2+, audit user accounts, and monitor logs to prevent compromise.

via CyberSecurityNews|
#authentication-bypass#burst-statistics#cve-2026-8181
MOVEit Automation hit by critical auth bypass; users urged to upgrade
security22 days ago

MOVEit Automation hit by critical auth bypass; users urged to upgrade

Progress Software warned of a critical authentication bypass in MOVEit Automation (CVE-2026-4670) affecting older builds, with remote attackers able to exploit it without privileges or user interaction. Upgrading to the patched release via the full installer is the recommended remediation, and expect an outage during the upgrade. The advisory also covers a high-severity privilege-escalation flaw (CVE-2026-5174). Shodan data shows about 1,400 MOVEit Automation instances publicly exposed online, including some tied to U.S. government agencies, underscoring the urgency of patching amid MOVEit’s history of exploited vulnerabilities.

via BleepingComputer|
#authentication-bypass#cve-2026-4670#cve-2026-5174
Emergency patch seals critical cPanel/WHM auth-bypass flaw (CVE-2026-41940)
security26 days ago

Emergency patch seals critical cPanel/WHM auth-bypass flaw (CVE-2026-41940)

An authentication-bypass vulnerability in cPanel/WHM (CVE-2026-41940, severity 9.8) affects nearly all supported versions. An emergency patch has been released and admins must run /scripts/upcp --force to install patched builds (11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, 11.134.0.20). Unsupported versions will not receive updates; upgrade to a supported version ASAP. If exploited, attackers could gain full control of hosting accounts and servers, enabling backdoors, data theft, spam or malware deployment. Namecheap temporarily blocked ports 2083/2087 to mitigate risk.

via BleepingComputer|
#authentication-bypass#cpanel#cve-2026-41940
cPanel/WHM CVE-2026-41940: Preauth Session Flaw Enables Authentication Bypass
security26 days ago

cPanel/WHM CVE-2026-41940: Preauth Session Flaw Enables Authentication Bypass

Security researchers dissect CVE-2026-41940, a universal authentication bypass in cPanel & WHM caused by flawed session handling. The flaw can let attackers create preauth sessions and write plaintext credentials to on-disk session files when the encoding step is skipped (e.g., missing cookie ob-part), enabling exploitation via crafted login flows and Basic-auth headers. Patches exist across multiple release lines, and KnownHost reports in-the-wild activity; watchTowr Labs also releases a detection artifact generator for defenders.

via watchTowr Labs|
#authentication-bypass#cpanel#cpanel-whm
HPE patches critical AOS-CX authentication flaw that could reset admin passwords
security2 months ago

HPE patches critical AOS-CX authentication flaw that could reset admin passwords

Hewlett Packard Enterprise has issued patches for Aruba's AOS-CX network operating system, addressing multiple vulnerabilities including a critical authentication bypass (CVE-2026-23813) that could allow an unauthenticated attacker to reset the admin password via the web-based management interface. Mitigations include restricting management access to a secure L2 segment, applying strict Layer-3 ACLs, disabling HTTP(S) on SVIs and routed ports, and enabling comprehensive logging and management ACLs. HPE says no public exploit was observed at the advisory time. The report also notes prior related disclosures and aligns with ongoing industry warnings from CISA on HP/E vulnerability exposure.

via BleepingComputer|
#aos-cx#authentication-bypass#cve-2026-23813
Auth bypass in Honeywell CCTV risks unauthorized feeds and account takeover
security3 months ago

Auth bypass in Honeywell CCTV risks unauthorized feeds and account takeover

CISA warns of a critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV models that allows an unauthenticated attacker to change the recovery email on a device account, enabling account takeover and unauthorized access to camera feeds; as of Feb 17 there were no known public exploits; mitigations include limiting network exposure, isolating devices behind firewalls, and using secure VPN remote access; Honeywell has not issued a public advisory and users should contact support for patch guidance.

via BleepingComputer|
#authentication-bypass#cctv#cisa
Decompiled Patch Diff Enables SmarterMail Admin Password Bypass (WT-2026-0001)
security4 months ago

Decompiled Patch Diff Enables SmarterMail Admin Password Bypass (WT-2026-0001)

Researchers detail WT-2026-0001 in SmarterMail, a pre-authentication admin password-reset bypass that can be triggered by calling a force-reset-password API with IsSysAdmin set to true, enabling admin access without verifying OldPassword and potentially yielding remote code execution via the Volume Mount feature. A PoC shows a JSON payload including IsSysAdmin, Username, and NewPassword. SmarterTools released patch 9511 on Jan 15, 2026 to fix the flaw, but exploitation was observed shortly after the patch, highlighting urgent need to upgrade. The patched flow enforces admin verification and old-password checks, mitigating this bypass; the report also notes the ongoing risk and how attackers monitor patches to exploit high-value targets.

via watchTowr Labs|
#authentication-bypass#password-reset#patch
IBM Issues Warning Over Critical API Connect Authentication Flaw
technology4 months ago

IBM Issues Warning Over Critical API Connect Authentication Flaw

IBM has disclosed a critical security flaw in API Connect (CVE-2025-13915) that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability affects specific versions and is rated 9.8/10 on CVSS. Users are advised to apply the available fixes promptly or disable self-service sign-up to mitigate risks.

via The Hacker News|
#api-connect#authentication-bypass#cve-2025-13915
"Critical Authentication Bypass Flaw Found in QNAP NAS Devices"
technology2 years ago

"Critical Authentication Bypass Flaw Found in QNAP NAS Devices"

QNAP has warned of critical vulnerabilities in its NAS software products that could allow attackers to access devices, including an authentication bypass flaw that can be executed remotely without authentication. The flaws impact various versions of QNAP's operating systems, and users are recommended to upgrade to specific versions to address the vulnerabilities. NAS devices are often targeted for data theft and extortion, so it's crucial for owners to keep their software updated and avoid exposing these devices to the internet.

via BleepingComputer|
#authentication-bypass#firmware-update#nas-devices
"Ransomware Gangs Exploit Critical JetBrains TeamCity Vulnerability"
cybersecurity2 years ago

"Ransomware Gangs Exploit Critical JetBrains TeamCity Vulnerability"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of an actively exploited critical security flaw in JetBrains TeamCity On-Premises software, allowing for complete compromise of a server by a remote unauthenticated attacker. The vulnerability, tracked as CVE-2024-27198, has been used by threat actors to deliver ransomware and create rogue user accounts. Users are urged to apply updates immediately, with federal agencies required to patch their instances by March 28, 2024.

via The Hacker News|
#authentication-bypass#cisa#cybersecurity
"Urgent: Mass-Exploited Ivanti VPN Flaw Requires Immediate Patching"
cybersecurity2 years ago

"Urgent: Mass-Exploited Ivanti VPN Flaw Requires Immediate Patching"

Ivanti has disclosed a high-severity security flaw, CVE-2024-22024, affecting its Connect Secure, Policy Secure, and ZTA gateway devices, allowing attackers to bypass authentication. The company has released patches for the affected versions and urges users to apply them promptly, emphasizing the importance of addressing multiple security weaknesses that have surfaced this year. While there is no evidence of active exploitation, users are advised to take swift action due to the potential for broad abuse of these vulnerabilities.

via The Hacker News|
#authentication-bypass#cve-2024-22024#cybersecurity
"Urgent: Ivanti Vulnerabilities Under Mass Exploitation"
cybersecurity2 years ago

"Urgent: Ivanti Vulnerabilities Under Mass Exploitation"

Ivanti has warned of a new authentication bypass vulnerability (CVE-2024-22024) affecting its Connect Secure, Policy Secure, and ZTA gateways, urging immediate patching. The flaw allows remote attackers to access restricted resources without user interaction or authentication. Threat monitoring shows over 20,000 ICS VPN gateways exposed online, with Ivanti devices being heavily targeted in attacks. Security patches for the vulnerabilities were released on January 31, and Ivanti advises customers to factory reset vulnerable appliances before patching to block attackers' persistence.

via BleepingComputer|
#authentication-bypass#cybersecurity#ivanti
"Urgent Patch Required: Fortra GoAnywhere MFT Vulnerability Exploited"
cybersecurity2 years ago

"Urgent Patch Required: Fortra GoAnywhere MFT Vulnerability Exploited"

Fortra warns of a critical authentication bypass vulnerability, CVE-2024-0204, in GoAnywhere MFT versions before 7.4.1, allowing unauthorized creation of admin users. The flaw, discovered in December 2023, could lead to device takeover and data breaches. Fortra advises immediate patching to version 7.4.1 and provides manual mitigation steps. While no active exploitation has been reported, the potential for PoC exploits exists. This follows a previous incident where the Clop ransomware gang exploited a different flaw in GoAnywhere MFT, causing widespread data theft attacks on numerous organizations.

via BleepingComputer|
#authentication-bypass#cve-2024-0204#cybersecurity
"New Arcserve UDP Auth Bypass Vulnerability Exploit and PoC Published"
technology2 years ago

"New Arcserve UDP Auth Bypass Vulnerability Exploit and PoC Published"

Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that allows attackers to bypass authentication and gain admin privileges. The vulnerability, tracked as CVE-2023-26258, was discovered by security researchers and enables attackers on the local network to access the UDP admin interface by capturing SOAP requests containing AuthUUIDs to obtain valid administrator sessions. Arcserve has released UDP 9.1 to fix the vulnerability and recommends all users upgrade to this version. The flaw could potentially be used by threat actors to destroy data in ransomware attacks.

via BleepingComputer|
#arcserve#authentication-bypass#ransomware-protection