Site icon API Security Blog

Authentication Bypass

github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The vulnerability is caused due to downstream clients being able to force invalid gRPC requests to ext_authz, thereby circumventing ext_authz checks when failure_mode_allow is set to true. This leads to external authentication getting bypassed by downstream connections which compromises confidentiality of theā€¦Read More

Exit mobile version