Veracode Vulnerability Database VERACODE:43321
Sep 20, 2023 - 8:38 a.m.

Weak Authentication

Published: 2023-09-20 08:38:31
Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Tags: org.eclipse.jetty, jetty-openid, logical programming defect, validateRequest function, authentication bypass, LoginService

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 46.3%

org.eclipse.jetty:jetty-openid is vulnerable to Weak Authentication. The vulnerability is caused by a logical programming defect in the validateRequest function of the OpenIdAuthenticator.java class, which allows the current request to proceed even when the LoginService reports (from its validate() method) that the authentication has been revoked and the OpenIdAuthenticator has removed the authentication from the session. The current request is therefore still treated as authenticated, so a request on a previously authenticated session can bypass authentication after the LoginService has already rejected it. This vulnerability is possible only when the Jetty OpenIdAuthenticator is configured with the optional LoginService.
