An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG.
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Secure_web_gateway | Skyhighsecurity | 8.0.0 (including) | 8.2.28 (excluding) |
| Secure_web_gateway | Skyhighsecurity | 9.0.0 (including) | 9.2.23 (excluding) |
| Secure_web_gateway | Skyhighsecurity | 10.0.0 (including) | 10.2.12 (excluding) |
| Secure_web_gateway | Skyhighsecurity | 11.0.0 (including) | 11.2.1 (excluding) |