An Okta login bug bypassed checking passwords on some long usernames
Briefly

On October 30, 2024, a vulnerability was discovered in the cache key generation for AD/LDAP Delegated Authentication (DelAuth): the key was produced by running the Bcrypt algorithm over a combined string of user credentials.
Because of how that key is built, a user could potentially authenticate with only their username, provided the cache key from a previous successful authentication was still valid.
The exposure is greatest when the AD/LDAP agent is down or during periods of high traffic, since DelAuth then falls back to reading the cache directly.
Under those specific conditions the security risk is heightened, which underlines the need for rigorous checks in the authentication path to mitigate such vulnerabilities.
The flaw highlights a critical security weakness in how combined user strings are hashed and stored for authentication mechanisms.
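To make the failure mode concrete, here is an added example that is not Okta's code: it models bcrypt's 72-byte input limit in plain Python with hashlib (no bcrypt library, and no salt or cost loop, since the truncation alone is what matters here), assumes a userId + username + password field order and constructed sample values, and shows the concatenated cache key becoming independent of the password once the fixed prefix fills those 72 bytes, alongside a length-prefixed, pre-hashed construction that does not have that property.

```python
import hashlib

BCRYPT_MAX_INPUT = 72  # bcrypt's key setup uses at most the first 72 bytes of its input


def bcrypt_effective_input(data: bytes) -> bytes:
    """Model (not real bcrypt): keep only the bytes bcrypt would actually hash."""
    return data[:BCRYPT_MAX_INPUT]


def vulnerable_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Concatenate-then-hash construction (assumed field order).

    Everything after byte 72 of the combined string, including the whole
    password when the prefix is long enough, never influences the result.
    """
    combined = (user_id + username + password).encode("utf-8")
    return hashlib.sha256(bcrypt_effective_input(combined)).digest()


def password_is_ignored(user_id: str, username: str) -> bool:
    """Defender's check: does the fixed prefix already fill bcrypt's input window?"""
    return len((user_id + username).encode("utf-8")) >= BCRYPT_MAX_INPUT


def hardened_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Length-prefix each field and pre-hash to a fixed 32 bytes before the
    bcrypt step, so no field can push another out of the hashed window and
    'ab' + 'c' can never collide with 'a' + 'bc'."""
    h = hashlib.sha256()
    for field in (user_id, username, password):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))
        h.update(raw)
    return hashlib.sha256(bcrypt_effective_input(h.digest())).digest()


if __name__ == "__main__":
    # Constructed sample: a 20-character id plus a 52-character username = 72 bytes.
    uid = "00u" + "x" * 17
    long_user = "a" * 52
    print("password ignored:", password_is_ignored(uid, long_user))
    print("vulnerable keys collide:",
          vulnerable_cache_key(uid, long_user, "correct-password")
          == vulnerable_cache_key(uid, long_user, "anything-else"))
    print("hardened keys collide:",
          hardened_cache_key(uid, long_user, "correct-password")
          == hardened_cache_key(uid, long_user, "anything-else"))
```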
Read at The Verge