CVE-2016-0733

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

1.7%

top 17.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ranger

Timeline

PublishedApr 12

Latest updateOct 17

Description

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Mavenorg.apache.ranger:ranger< 0.5.1

▶NVDapache/ranger0.5.0

🔴Vulnerability Details

OSV

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password↗2018-10-17

▶

GHSA

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password↗2018-10-17

▶

CVEList

CVE-2016-0733: The Admin UI in Apache Ranger before 0↗2016-04-12

▶