Authentication Bypass Vulnerability in NPS before v0.26.10

CVE-2022-40494 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.

Learn more about our Web Application Penetration Testing UK.