Apple » Mac Os X Server : Security Vulnerabilities, CVEs, Published In 2009 (Gain Privilege)
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
Max CVSS
9.8
EPSS Score
2.65%
Published
2009-07-10
Updated
2024-02-13
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
Max CVSS
10.0
EPSS Score
1.85%
Published
2009-02-13
Updated
2011-03-08
2 vulnerabilities found