Safeguard
Tag

authentication-bypass

Safeguard articles tagged "authentication-bypass" — guides, analysis, and best practices for software supply chain and application security.

22 articles

Vulnerability Analysis

CVE-2020-11651: Authentication bypass in SaltStack salt-m...

CVE-2020-11651, a critical CVSS 9.8 authentication bypass in SaltStack's salt-master, enabled unauthenticated RCE and fueled real-world attacks on LineageOS, Ghost, and DigiCert.

Oct 1, 20258 min read
Vulnerability Response

CVE-2025-22462 in Ivanti Neurons for ITSM: Patch Posture & SBOM Response

Ivanti Neurons for ITSM auth bypass scored CVSS 9.8 and grants full admin access. Defender playbook for the ITSM patching emergency.

May 15, 20256 min read
Vulnerability Analysis

CrushFTP CVE-2025-31161: Authentication Bypass Exploited in the Wild

A critical authentication bypass in CrushFTP allowed unauthenticated access to file transfer servers. Exploitation was observed within days of disclosure, targeting multiple industries.

Apr 7, 20255 min read
Vulnerability Analysis

Juniper Router CVE-2025-21589: Authentication Bypass That Puts Network Perimeters at Risk

A critical authentication bypass in Juniper's Session Smart Router lets remote attackers hijack admin sessions. Here's what happened, why it matters, and what to do.

Feb 20, 20255 min read
Vulnerability Analysis

Palo Alto PAN-OS Authentication Bypass: CVE-2025-0108

A path traversal flaw in Palo Alto Networks PAN-OS management web interface allowed unauthenticated access to sensitive REST API endpoints. Exploitation began within days of disclosure.

Feb 12, 20255 min read
Vulnerability Analysis

Fortinet FortiGate Authentication Bypass: CVE-2024-55591 Explained

A critical authentication bypass in FortiOS and FortiProxy allowed attackers to gain super-admin privileges via crafted Node.js websocket requests. Here's what happened and how to protect your infrastructure.

Jan 14, 20255 min read
Vulnerability Analysis

GitHub Enterprise Server CVE-2024-4985: SAML Authentication Bypass

A critical authentication bypass in GitHub Enterprise Server allowed attackers to forge SAML responses and gain administrator access to self-hosted GitHub instances without any credentials.

May 20, 20245 min read
Vulnerability Analysis

Apache OFBiz CVE-2023-51467: Authentication Bypass in Enterprise Resource Planning

CVE-2023-51467 bypassed a previous patch for an authentication flaw in Apache OFBiz, granting unauthenticated access to ERP functionality. A patch bypass that exposed critical business data.

Dec 26, 20236 min read
Vulnerability Analysis

F5 BIG-IP CVE-2023-46747: Authentication Bypass Puts Network Infrastructure at Risk

A critical authentication bypass in F5 BIG-IP allowed unauthenticated attackers to gain administrative access. The vulnerability affected the management interface of devices protecting enterprise networks.

Oct 27, 20235 min read
Zero-Day Exploits

Zimbra CVE-2022-37042: Authentication Bypass in a Widely Used Email Platform

CVE-2022-37042 allowed unauthenticated attackers to upload web shells to Zimbra email servers. Over 1,000 servers were compromised before most admins knew about it.

Aug 10, 20226 min read
authentication-bypass (Page 2) — Safeguard Blog