Description

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password and session management.

Apache Shiro before 1.7.1 (when used with Spring), is vulnerable to an authentication bypass vulnerability that allows an attacker to bypass authentication using a specially crafted HTTP request .

Remediation

Uprade to the latest version of Apache Shiro.

References

Apache Shiro Vulnerability Reports

CVE-2020-17523 Apache Shiro authentication bypass analysis

Related Vulnerabilities

WordPress Plugin Event Single Page Templates Addon For The Events Calendar Security Bypass (1.5)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (8.9)

WordPress Plugin WP Learn Manager Security Bypass (1.1.4)

Spring Security Authentication Bypass

WordPress Plugin GA Top post for WP by Asentechllc Security Bypass (1.0)

Severity

High

Classification

CVE-2020-17523 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass