authentication-bypass
2 posts
Article
Victim types the password, attacker keeps the token
CVE-2023-4714 session fixation (CWE-384) explained: how attackers plant a session ID, bypass MFA, what fires in telemetry, and why rotation alone is not enough.
Article
The login page was never the boundary
Cisco's CVSS 9.8 IMC authentication bypass shows why perimeter-based identity fails: when reachability equals admin, the network is the credential.