Description

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password and session management.

Apache Shiro before 1.7.1 (when used with Spring), is vulnerable to an authentication bypass vulnerability that allows an attacker to bypass authentication using a specially crafted HTTP request .

Remediation

Uprade to the latest version of Apache Shiro.

References

Apache Shiro Vulnerability Reports

CVE-2020-17523 Apache Shiro authentication bypass analysis

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Bulk Product Editing Security Bypass (1.2.13)

WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)

WordPress Plugin Restricted Site Access Security Bypass (7.3.1)

Cisco RV Series Authentication Bypass (CVE-2021-1472)

WordPress Plugin Theme My Login Security Bypass (6.4.6)

Severity

High

Classification

CVE-2020-17523 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass