Improper Authentication Vulnerability in SSO Configuration Allows Unauthorized Access

Improper Authentication Vulnerability in SSO Configuration Allows Unauthorized Access

CVE-2021-43935 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.

Learn more about our Web Application Penetration Testing UK.