Detects the 'Authentication Bypass' vulnerability in Apache Software Foundation APISIX Dashboard, which affects versions 2.7, 2.7.1, 2.8, 2.9 and 2.10.
CVE-2021-45232 Scanner Detail
APISIX Dashboard is a powerful tool used for managing API gateways. It serves as the control and management layer for the APISIX open source API gateway. This software is widely used by developers and DevOps teams who need to manage, analyze and monitor their API traffic for their critical applications. APISIX Dashboard helps organizations to improve their API gateway performance and security by providing a user-friendly interface to configure and monitor their API Gateway, making it an integral piece of the API infrastructure.
Recently, a critical vulnerability, CVE-2021-45232, was identified in Apache APISIX Dashboard software version 2.10.0 and earlier. The vulnerability occurs in the Manager API function of the dashboard. The Manager API uses two different frameworks, gin and droplet, to handle authentication. However, some APIs directly employ the interface of the gin framework, and this issue causes them to bypass the authentication middleware. An unauthorized user can exploit this vulnerability and gain access to protected resources without proper authentication.
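The pattern described above, reduced to Go's standard `net/http` as an added example (not APISIX Dashboard code, and not gin or droplet); the route paths, token value and function names are constructed for illustration. It contrasts authentication attached per handler, which a directly registered route skips, with authentication enforced on the whole router.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// requireToken stands in for the authentication middleware (constructed token check).
func requireToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "valid-token" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func ok(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }

// flawedRouter applies the check per handler, so a directly registered route skips it.
func flawedRouter() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/api/settings", requireToken(http.HandlerFunc(ok)))
	mux.HandleFunc("/api/report", ok) // constructed path, registered directly: no authentication
	return mux
}

// fixedRouter wraps the whole router, so every route inherits the check.
func fixedRouter() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/settings", ok)
	mux.HandleFunc("/api/report", ok)
	return requireToken(mux)
}

// statusFor sends an in-process request (no network) and returns the status code.
func statusFor(h http.Handler, path, token string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", token)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(flawedRouter(), "/api/report", ""), statusFor(fixedRouter(), "/api/report", ""))
}
```

A regression test that requests every registered route without credentials and expects a rejection catches this class of gap before release.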
When exploited, CVE-2021-45232 allows malicious actors to gain access to protected resources without proper authentication. An attacker can execute unauthorized API calls, access crucial data, or insert malicious payloads without any valid credentials. The attacker can also manipulate the API endpoints, introducing new vulnerabilities that could compromise the confidentiality and integrity of the data. This can lead to significant damage, including data tampering, data exfiltration, and loss of reputation for organizations.
Thanks to the advanced features of the securityforeveryone.com platform, IT professionals can easily and quickly learn about vulnerabilities in their digital assets. By using this platform, they can receive custom alerts regarding critical vulnerabilities and take immediate action to reduce their attack surface. The platform offers enhanced vulnerability scanning capabilities with continuous updates, providing IT professionals with reliable and up-to-date vulnerability information to help safeguard their digital assets. By using these web-based cybersecurity services, businesses can reduce their attack surface and improve their overall security posture, resulting in increased customer confidence and reduced risks.