Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Basic Authentication can be bypassed using a malformed username
Vulnerability Description
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of spnego-http-auth-nginx-module. As a workaround, one may disable basic authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
spnego-http-auth-nginx-module 授权问题漏洞
Vulnerability Description
Sean Timothy Noonan spnego-http-auth-nginx-module是 (Sean Timothy Noonan)开源的一个应用软件。提供一个将SPNEGO 支持添加到nginx功能。 SPNEGO HTTP Authentication Module for nginx 存在安全漏洞,该漏洞源于基本身份验证可以使用格式错误的用户名绕过。
CVSS Information
N/A
Vulnerability Type
N/A