authentication-bypass
Safeguard articles tagged "authentication-bypass" — guides, analysis, and best practices for software supply chain and application security.
22 articles
CVE-2020-11651: Authentication bypass in SaltStack salt-m...
CVE-2020-11651, a critical CVSS 9.8 authentication bypass in SaltStack's salt-master, enabled unauthenticated RCE and fueled real-world attacks on LineageOS, Ghost, and DigiCert.
CVE-2025-22462 in Ivanti Neurons for ITSM: Patch Posture & SBOM Response
Ivanti Neurons for ITSM auth bypass scored CVSS 9.8 and grants full admin access. Defender playbook for the ITSM patching emergency.
CrushFTP CVE-2025-31161: Authentication Bypass Exploited in the Wild
A critical authentication bypass in CrushFTP allowed unauthenticated access to file transfer servers. Exploitation was observed within days of disclosure, targeting multiple industries.
Juniper Router CVE-2025-21589: Authentication Bypass That Puts Network Perimeters at Risk
A critical authentication bypass in Juniper's Session Smart Router lets remote attackers hijack admin sessions. Here's what happened, why it matters, and what to do.
Palo Alto PAN-OS Authentication Bypass: CVE-2025-0108
A path traversal flaw in Palo Alto Networks PAN-OS management web interface allowed unauthenticated access to sensitive REST API endpoints. Exploitation began within days of disclosure.
Fortinet FortiGate Authentication Bypass: CVE-2024-55591 Explained
A critical authentication bypass in FortiOS and FortiProxy allowed attackers to gain super-admin privileges via crafted Node.js websocket requests. Here's what happened and how to protect your infrastructure.
GitHub Enterprise Server CVE-2024-4985: SAML Authentication Bypass
A critical authentication bypass in GitHub Enterprise Server allowed attackers to forge SAML responses and gain administrator access to self-hosted GitHub instances without any credentials.
Apache OFBiz CVE-2023-51467: Authentication Bypass in Enterprise Resource Planning
CVE-2023-51467 bypassed a previous patch for an authentication flaw in Apache OFBiz, granting unauthenticated access to ERP functionality. A patch bypass that exposed critical business data.
F5 BIG-IP CVE-2023-46747: Authentication Bypass Puts Network Infrastructure at Risk
A critical authentication bypass in F5 BIG-IP allowed unauthenticated attackers to gain administrative access. The vulnerability affected the management interface of devices protecting enterprise networks.
Zimbra CVE-2022-37042: Authentication Bypass in a Widely Used Email Platform
CVE-2022-37042 allowed unauthenticated attackers to upload web shells to Zimbra email servers. Over 1,000 servers were compromised before most admins knew about it.