Authentication Bypass | writeups.xyz

Title	Vulnerabilities	Programs	Authors
CentreStack Disclosure	Authentication Bypass Password Reset Unrestricted File Upload RCE	Gladinet (CentreStack)	Michael Rand
How I Found My First Bug in Android App	Android Authentication Bypass Insecure Intent	Undisclosed	Barath Stalin
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI	RCE Authentication Bypass Security Code Review JWT	Yellowfin BI	Maxwell Garrett (@TheGrandPew) Shubham Shah (@Infosec_au)
Using 0days to Protect the United Nations	RCE Authentication Bypass Path Traversal	United Nations	Florian Hauser (@Frycos)
Centreon map vulnerability	Authentication Bypass	Centreon	Vladimir
YAFPC — Unauthenticated Remote Code Execution	Authentication Bypass Hardcoded Credentials RCE	Undisclosed	Luke Paris
CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise	Authentication Bypass SSRF	Rocket Software	Tom Wedgbury
Cacti: Unauthenticated Remote Code Execution	RCE Authentication Bypass OS Command Injection Security Code Review	Cacti	Stefan Schiller (@Scryh_)
Authentication Bypass in Nexus manager (version 3.37.3–02)	Components With Known Vulnerabilities Authentication Bypass HTTP Response Manipulation	Undisclosed	SHARAN.K
How I found multiple critical bugs in Red Bull	Authentication Bypass HTTP Response Manipulation Path Traversal LFI XSS SQL Injection RCE Unrestricted File Upload RFI Security Code Review	Red Bull	Bartłomiej Bergier (@_Bergee_)
0 click Facebook Account Takeover and Two-Factor Authentication Bypass	Authentication Bypass GraphQL Account Takeover Android 2FA / MFA Bypass	Meta / Facebook	Abdellah Yaala (@Yaalaab)
Better Make Sure Your Password Manager Is Secure	Hardcoded Credentials XSS Cryptographic Issues Broken Authorization Authentication Bypass	Click Studios	Kuekerino (@Kuekerino) Ubahnverleih (@Ubahnverleih) Parzel (@Parzel2)
2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation	Authentication Bypass Account Takeover	Undisclosed	Sharat Kaikolamthuruthil (@Sharp488)
Access Any Owner Account without Authentication (Auth bypass + 2FA bypass)	Authentication Bypass 2FA / MFA Bypass Account Takeover	Undisclosed	Sharat Kaikolamthuruthil (@Sharp488)
From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942)	Authentication Bypass Kerberos RCE Privilege Escalation Security Code Review	Intel	Julien Ahrens (@MrTuxracer)
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)	RCE Code Injection SSRF Line Feed Injection Arbitrary File Read Authentication Bypass Security Code Review	Checkmk	Stefan Schiller (@Scryh_)
Accidental $70k Google Pixel Lock Screen Bypass	Lock Screen Bypass Authentication Bypass Android	Google	David Schütz (@Xdavidhu)
23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite	JWT Authentication Bypass Arbitrary File Write Unrestricted File Upload	Undisclosed	Souhaib Naceri (@H4x0r_dz)
Google SSO misconfiguration leading to Account Takeover	Authentication Bypass Account Takeover SSO	Undisclosed	0x4KD (@0x4kd)
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)	Authentication Bypass	Fortinet	James Horseman (@JamesHorseman2) Zach Hanley (@Hacks_zach)
How I Found A P1 Bug	Authentication Bypass Information Disclosure	Undisclosed	Amith
Exploits Explained: 5 Unusual Authentication Bypass Techniques	Authentication Bypass JWT CMS SSO	Undisclosed	Ozgur Alp (@Ozgur_bbh)
My First Valid Bug “Bypass the Admin Panel”	Authentication Bypass	Undisclosed	Digant Prajapati
How I was able to Bypass Philips Authentication	Outdated Component With a Known Vulnerability Authentication Bypass	Philips	ParagBagul
Account takeover worth $1000	Account Takeover Authentication Bypass Information Disclosure Password Reset	Undisclosed	Faique (@Imfaiqu3)

Page 4 of 9