Tag: authentication bypass
All the articles with the tag "authentication bypass".
- [CVE-2025-54576] OAuth2-Proxy skip_auth_routes Lets Attackers Walk Straight Past the Login Screen
A design flaw in OAuth2-Proxy versions up to 7.10.0 means the skip_auth_routes option is applied to the full URL, not just the path. By adding crafty query parameters, an attacker can bypass authentication completely.
- [CVE-2025-49125] Apache Tomcat Pre/Post-Resource Authentication Bypass Exposes Protected Content
Mounting PreResources or PostResources outside the root path lets attackers reach files through an alternate URL that ignores security constraints, undermining Java web application access control.