Security Advisory

CVE-2021-21335

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-08 20:20:19

Last updated 2024-08-03 18:09:15

Assigner GitHub_M

State PUBLISHED

Description

In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of spnego-http-auth-nginx-module. As a workaround, one may disable basic authentication.

← Browse all CVEs View on cve.org ↗