Lucene search
Alex Birnberg of Zymo SecurityZDI-23-1155HistoryAug 21, 2023 - 12:00 a.m.
SonicWALL GMS Virtual Appliance HttpDigestAuthenticator Authentication Bypass Vulnerability
2023-08-2100:00:00
Alex Birnberg of Zymo Security
www.zerodayinitiative.com
9
sonicwall
gms
virtual appliance
httpdigestauthenticator
authentication bypass
vulnerability
remote attackers
predictable digest credential
0.052 Low
EPSS
Percentile
93.0%
This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpDigestAuthenticator class. The issue results from a predictable digest credential in the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system.
Related
nvd
nvd
CVE-2023-34124
2023-07-13 01:15:08
cve
cve
CVE-2023-34124
2023-07-13 01:15:08
cvelist
cvelist
CVE-2023-34124
2023-07-13 00:14:16
prion
prion
Authentication flaw
2023-07-13 01:15:00
nuclei
nuclei
SonicWall GMS and Analytics Web Services - Shell Injection
2023-08-28 13:26:29
metasploit
metasploit
Sonicwall
2023-08-21 15:53:07
packetstorm
packetstorm
Sonicwall GMS 9.9.9320 Remote Code Execution
2023-09-08 00:00:00
rapid7blog
rapid7blog
SonicWall Recommends Urgent Patching for GMS and Analytics CVEs
2023-07-13 14:56:13
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45
thn
thn
attackerkb
attackerkb
CVE-2023-34127
2023-08-21 00:00:00