CVE Vulnerabilities

CVE-2023-41920

Authentication Bypass by Primary Weakness

Published: Jul 02, 2024 | Modified: Jul 02, 2024

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-41920
CWE	https://cwe.mitre.org/data/definitions/305.html

The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.

Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.