S4E

CVE-2019-20933 Scanner

Detects the 'Authentication Bypass' vulnerability affecting InfluxDB versions before 1.7.6.


Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -

InfluxDB is a popular open-source time-series database used to store, index and query large amounts of time-stamped data. It is commonly used for monitoring, analytics, and other time-sensitive and data-driven applications. The platform is widely embraced by developers, data scientists, and other professionals who require real-time insights and fast data retrieval. InfluxDB has gained a lot of attention in recent years owing to its high performance, horizontal scalability, and flexible data model.

CVE-2019-20933 is a critical authentication bypass vulnerability in InfluxDB before 1.7.6. The flaw is in the authenticate function in services/httpd/handler.go: a JSON Web Token (JWT) may have an empty SharedSecret (the shared secret used to sign and verify tokens). This allows remote attackers to bypass user authentication for ingress traffic to the API or dashboard endpoints.

When exploited, this vulnerability can significantly impact security, potentially enabling unauthorized access to sensitive data or system resources, data tampering, data exfiltration, denial of service, and other harmful attacks. The consequences can include damage to reputation, legal consequences, financial loss, and other serious outcomes.
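As an added example (not code from S4E or the InfluxDB project), the following Go sketch audits a host for the condition described above: a version before 1.7.6 with authentication enabled and an empty shared secret. It assumes the InfluxDB 1.x configuration keys `auth-enabled` and `shared-secret` in the `[http]` section, which this page does not name; `Audit` and `olderThan176` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
)

// olderThan176 reports whether a version such as "1.7.5" or "v1.6.4" precedes 1.7.6.
// An unparseable version reads as 0.0.0 and is therefore treated as affected.
func olderThan176(version string) bool {
	var a, b, c int
	fmt.Sscanf(strings.TrimPrefix(version, "v"), "%d.%d.%d", &a, &b, &c)
	return a*1000000+b*1000+c < 1007006
}

// Audit classifies an InfluxDB 1.x config: "exposed" (auth on, empty secret, pre-1.7.6),
// "upgrade" (pre-1.7.6 but a secret is set), "no-auth" (auth off), or "ok".
func Audit(version, conf string) string {
	section, auth, secret := "", false, ""
	for _, raw := range strings.Split(conf, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "[") {
			section = strings.Trim(line, "[] ") // track the current TOML section
		}
		kv := strings.SplitN(line, "=", 2)
		if section != "http" || len(kv) != 2 || strings.HasPrefix(line, "#") {
			continue // other sections, non-assignments, commented-out keys
		}
		key, val := strings.TrimSpace(kv[0]), strings.TrimSpace(kv[1])
		if key == "auth-enabled" {
			auth = strings.HasPrefix(val, "true")
		} else if key == "shared-secret" && strings.HasPrefix(val, `"`) {
			secret = strings.SplitN(val[1:], `"`, 2)[0] // text between the quotes
		}
	}
	switch {
	case !auth:
		return "no-auth"
	case !olderThan176(version):
		return "ok"
	case secret == "":
		return "exposed"
	}
	return "upgrade"
}

func main() {
	// Constructed sample: the secret line is commented out, so the value is empty.
	conf := "[http]\n  auth-enabled = true\n  # shared-secret = \"s3cr3t\"\n"
	fmt.Println(Audit("1.7.5", conf))
}
```

The check reads only the configuration text it is given, so a secret supplied another way (for example through an environment override) is not seen.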

Thanks to the s4e.io platform, individuals can easily and quickly learn about the vulnerabilities in their digital assets without needing to be a security expert. With its advanced features, security professionals can gain insight into the security profile of their digital assets and take appropriate action to protect against vulnerabilities like CVE-2019-20933. So, take advantage of the advanced features of the s4e.io platform to ensure the security of your digital assets.
