module
Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth
| Disclosed |
|---|
| Aug 14, 2019 |
Disclosed
Aug 14, 2019
Description
This module generates a remember me cookie for a valid username. Through unpropper seeding
while userdate are requested from LDAP or OAuth it's possible to craft a valid remember me cookie.
This cookie can be used for bypass authentication for everyone knowing a valid username.
while userdate are requested from LDAP or OAuth it's possible to craft a valid remember me cookie.
This cookie can be used for bypass authentication for everyone knowing a valid username.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.