CWE-287

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).

An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.

SoPlanning before 1.47 doesn’t correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication.

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.