swauth@1.1.0 vulnerabilities

An alternative authentication system for Swift

  • latest version

    1.3.0

  • latest non-vulnerable version

  • first published

    9 years ago

  • latest version published

    7 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the swauth package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Access Restriction Bypass

    swauth is an alternative authentication system for Swift.

    Affected versions of the package are vulnerable to Access Restriction Bypass. An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request.

    How to fix Access Restriction Bypass?

    Upgrade swauth to version 1.3.0 or higher.

    Vulnerable version: [,1.3.0)