Vulnerabilities > CVE-2021-21335 - Unspecified vulnerability in Spnego Http Authentication Module Project Spnego Http Authentication Module 1.0.0/1.1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of spnego-http-auth-nginx-module. As a workaround, one may disable basic authentication.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
References
- https://github.com/stnoonan/spnego-http-auth-nginx-module/commit/a06f9efca373e25328b1c53639a48decd0854570
- https://github.com/stnoonan/spnego-http-auth-nginx-module/commit/a06f9efca373e25328b1c53639a48decd0854570
- https://github.com/stnoonan/spnego-http-auth-nginx-module/releases/tag/v1.1.1
- https://github.com/stnoonan/spnego-http-auth-nginx-module/releases/tag/v1.1.1
- https://github.com/stnoonan/spnego-http-auth-nginx-module/security/advisories/GHSA-ww8q-72rx-hc54
- https://github.com/stnoonan/spnego-http-auth-nginx-module/security/advisories/GHSA-ww8q-72rx-hc54