auth-bypass
Safeguard articles tagged "auth-bypass" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Inside the Qinglong Scheduler RCE: How Two Auth Bugs Became a Cryptomining Campaign
Two chainable auth-bypass bugs in the Qinglong task scheduler let attackers skip login entirely and mine crypto on victim CPUs — in the wild before a patch existed.
URL parser confusion: how inconsistent parsing enables SSRF and auth bypass
Sixteen URL-parsing libraries tested, five inconsistency classes found, eight CVEs assigned — one wrong backslash can turn a validated URL into an SSRF.
CVE-2024-29849 Veeam Auth Bypass Analysis
CVE-2024-29849 is a CVSS 9.8 auth bypass in Veeam Backup Enterprise Manager. Root cause, exploitation, detection, and patching guidance.
Auth Bypass Discovery: Griffin AI vs Mythos
Auth bypasses are rarely a single bug. They live in the interaction between layers — middleware, route handlers, framework annotations. Finding them requires path analysis across abstraction layers.