Manual confirmation is required for this alert.
Your web application is possibly vulnerable to JAAS Authentication Bypass. JAAS (Java Authentication and Authorization Service) is the Java implementation of the standard Pluggable Authentication Module (PAM) information security framework. The main goal of JAAS is to separate the concerns of user authentication so that they may be managed independently.
Sometimes, JAAS is not configured correctly and an attacker can bypass the authentication. As an example, take a look at the code below:
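    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Adminarea</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>administrator</role-name>
      </auth-constraint>
    </security-constraint>

Because this constraint lists only GET and POST, the container applies the administrator role check to those two methods alone; requests to /admin/* that use any other HTTP method are not covered by the constraint.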
- Remove all http-method definitions from the security-constraint section. This will default to "all HTTP methods".