Platform
nginx
Component
spnego-http-auth-nginx-module
Fixed in
1.1.2
CVE-2021-21335 describes an authentication bypass vulnerability within the SPNEGO HTTP Authentication Module for nginx. An attacker can bypass basic authentication by crafting a malformed username, potentially leading to unauthorized access. This issue affects versions of the module prior to 1.1.1, and a fix is available in version 1.1.1.
This vulnerability allows an attacker to bypass basic authentication within the nginx SPNEGO HTTP Authentication Module. By sending a specially crafted username, an attacker can potentially gain access to resources protected by basic authentication without providing valid credentials. The impact is significant as it can lead to unauthorized access to sensitive data or functionality exposed by the web server. This bypass circumvents the intended security controls, allowing attackers to impersonate legitimate users.
This CVE was publicly disclosed on March 8, 2021. There are currently no known active exploitation campaigns targeting this vulnerability. No public proof-of-concept exploits have been widely published. The vulnerability is not listed on the CISA KEV catalog at the time of this writing.
Organizations using nginx with the SPNEGO HTTP Authentication Module and relying on basic authentication for access control are at risk. This includes deployments where basic authentication is used for internal applications or services, and those with legacy configurations that haven't been updated recently.
• nginx / server:
# Check whether the SPNEGO module was compiled into this nginx build
nginx -V 2>&1 | grep -i spnego
• nginx / server:
# Check nginx access logs for suspicious username patterns (e.g., excessively long or containing unusual characters).
# -E is needed for the {100,} interval to be treated as a quantifier. This pattern assumes a log_format that
# writes "username=..."; the default combined format records $remote_user as the third space-separated field instead.
grep -Ei 'username=[[:alnum:]]{100,}' /var/log/nginx/access.log
Exploit Status
EPSS
0.42% (62nd percentile)
CVSS Vector
The primary mitigation for CVE-2021-21335 is to upgrade the SPNEGO HTTP Authentication Module to version 1.1.1 or later. If immediate upgrading is not possible due to compatibility issues or breaking changes, disabling basic authentication is a viable workaround. This prevents the vulnerability from being exploited, although it may impact legitimate users relying on basic authentication. Review nginx configuration to ensure basic authentication is only enabled where absolutely necessary.
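The following POSIX-sh script is an added example covering both the detection checks and the workaround described above; it is not code from this advisory or from the spnego-http-auth-nginx-module project. It assumes that the module's auth_gss_allow_basic_fallback directive (documented upstream with a default of "on") is the switch that disables basic-auth fallback, and that access logs use nginx's default "combined" format, where $remote_user is the third field. The nginx -V output, the two config fragments and the log lines are constructed sample data.

```shell
#!/bin/sh
# Added example: triage helpers for CVE-2021-21335 exposure. Not code from the
# advisory or the module project. Assumptions: auth_gss_allow_basic_fallback
# (upstream directive, default "on") controls basic-auth fallback, and logs are
# in the "combined" format ($remote_user = field 3). All sample data is constructed.

# Constructed output of `nginx -V` for a build that includes the module.
SAMPLE_NGINX_V='nginx version: nginx/1.18.0
built with OpenSSL 1.1.1f  31 Mar 2020
configure arguments: --prefix=/etc/nginx --add-module=/usr/src/spnego-http-auth-nginx-module'

# Constructed config fragment that leaves basic fallback at its default (on).
WEAK_CONF='location /intranet/ {
    auth_gss on;
    auth_gss_realm EXAMPLE.COM;
    auth_gss_keytab /etc/krb5.keytab;
    auth_gss_service_name HTTP;
}'

# The same fragment with the advisory's workaround applied (basic auth disabled).
HARDENED_CONF='location /intranet/ {
    auth_gss on;
    auth_gss_realm EXAMPLE.COM;
    auth_gss_keytab /etc/krb5.keytab;
    auth_gss_service_name HTTP;
    auth_gss_allow_basic_fallback off;
}'

# Constructed "combined"-format access log: a normal login, an anonymous request,
# a 120-character username and a username containing unexpected characters.
LONG_USER=$(awk 'BEGIN { while (i++ < 120) printf "a" }')
SAMPLE_LOG="10.0.0.5 - alice [08/Mar/2021:10:00:01 +0000] \"GET /intranet/ HTTP/1.1\" 200 512 \"-\" \"curl/7.68.0\"
10.0.0.9 - - [08/Mar/2021:10:00:02 +0000] \"GET /intranet/ HTTP/1.1\" 401 0 \"-\" \"curl/7.68.0\"
10.0.0.9 - $LONG_USER [08/Mar/2021:10:00:03 +0000] \"GET /intranet/ HTTP/1.1\" 200 512 \"-\" \"curl/7.68.0\"
10.0.0.9 - bob%00 [08/Mar/2021:10:00:04 +0000] \"GET /intranet/ HTTP/1.1\" 200 512 \"-\" \"curl/7.68.0\""

# Returns 0 when the SPNEGO module appears in the configure arguments.
spnego_module_built_in() {
    printf '%s\n' "$1" | grep -qi 'spnego-http-auth-nginx-module'
}

# Returns 0 when the fragment turns auth_gss on without disabling basic
# fallback, i.e. the workaround has not been applied.
basic_fallback_enabled() {
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*auth_gss_allow_basic_fallback[[:space:]]+off[[:space:]]*;'; then
        return 1
    fi
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*auth_gss[[:space:]]+on[[:space:]]*;'
}

# Prints the number of log lines whose $remote_user is longer than $2
# (default 64) or contains characters outside a conservative principal
# charset; the offending usernames go to stderr for analyst review.
count_suspicious_usernames() {
    printf '%s\n' "$1" | awk -v max="${2:-64}" '
        $3 != "-" && (length($3) > max || $3 !~ /^[A-Za-z0-9._@-]+$/) {
            print "suspicious remote_user: " $3 > "/dev/stderr"; n++
        }
        END { print n + 0 }'
}

# Stand-alone report over the constructed samples.
if spnego_module_built_in "$SAMPLE_NGINX_V"; then
    echo "SPNEGO module is compiled into this nginx build"
fi
if basic_fallback_enabled "$WEAK_CONF"; then
    echo "WEAK_CONF: basic-auth fallback still enabled; upgrade or set auth_gss_allow_basic_fallback off"
fi
if ! basic_fallback_enabled "$HARDENED_CONF"; then
    echo "HARDENED_CONF: basic-auth fallback disabled"
fi
echo "suspicious usernames in sample log: $(count_suspicious_usernames "$SAMPLE_LOG")"
```

To run it against a real host, replace the three constructed inputs with `nginx -V 2>&1`, the contents of the relevant server or location blocks, and the access log; the username-length threshold is a second argument to count_suspicious_usernames, since legitimate Kerberos principals in some realms are longer than the 64-character default.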
Update the spnego-http-auth-nginx-module to version 1.1.1 or later. Alternatively, disable basic authentication.
CVE-2021-21335 is a vulnerability in the SPNEGO HTTP Authentication Module for nginx that allows attackers to bypass basic authentication using a malformed username, potentially gaining unauthorized access.
You are affected if you are using the SPNEGO HTTP Authentication Module for nginx in versions 1.1.1 or earlier and have basic authentication enabled.
Upgrade the SPNEGO HTTP Authentication Module to version 1.1.1 or later. As a temporary workaround, disable basic authentication.
There are currently no known active exploitation campaigns targeting this vulnerability, but it remains a potential risk.
Refer to the nginx security advisory for details: https://mail.nginx.org/archives/announce/2021/Mar/msg00003.html