In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error, resulting in no check on the password.
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 126.96.36.199-188.8.131.52 and below; Aruba Instant 6.5.x: 184.108.40.206 and below; Aruba Instant 8.3.x: 220.127.116.11 and below; Aruba Instant 8.4.x: 18.104.22.168 and below; Aruba Instant 8.5.x: 22.214.171.124 and below; Aruba Instant 8.6.x: 126.96.36.199 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn’t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Improper authentication vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT21 model GT2107-WTBD all versions, GOT2000 series GT21 model GT2107-WTSD all versions, GOT SIMPLE series GS21 model GS2110-WTBD-N all versions and GOT SIMPLE series GS21 model GS2107-WTBD-N all versions allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when the client IP address is spoofed using the X-Forwarded-For header with the local (loopback) IP address value, allowing remote control of the smart home solution.
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 188.8.131.52. Aruba has released patches for AirWave Management Platform that address this security vulnerability.