HackingPassion.com
👻 home posts ethical hacking course newsletter shop whoami github youtube
HackingPassion.com

Authentication-Bypass

8 posts

/openbsd-pap-empty-password-bypass/openbsd-pap-empty-password-bypass.png
OpenBSD Let Attackers Log In With an Empty Password for 27 Years

June 17, 2026

A 27-year-old flaw in OpenBSD let attackers bypass its PPP login with nothing more than an empty username and an empty password. Hand a vulnerable system a …

/badhost-starlette-cve-2026-48710/featured-image.png
BadHost Breaks Into FastAPI and vLLM With a Single Character

May 27, 2026

BadHost is one character in an HTTP header that bypasses authentication on FastAPI, vLLM, LiteLLM, and the Python MCP SDK. They all run on Starlette. Starlette …

/cpanel-authentication-bypass-cve-2026-41940/featured-image.png
cPanel Authentication Bypass CVE-2026-41940 Gave Attackers 64 Days of Root Access

May 1, 2026

For 64 days, attackers had root access to cPanel servers managing over 70 million websites, and nobody had to know a single password to get in. A crafted HTTP …

/aspnet-core-dataprotection-hmac-cve-2026-40372/featured-image.png
How CVE 2026 40372 Breaks ASP.NET Core Authentication

April 22, 2026

The security fix Microsoft shipped in 2010 to stop attackers from decrypting ASP.NET traffic and forging authentication cookies just got quietly broken by a …

/nginx-ui-mcpwn-cve-2026-33032/featured-image.png
Nginx-UI MCPwn (CVE-2026-33032): Full Server Takeover With One Unauthenticated Request

April 16, 2026

A critical vulnerability in nginx-ui has been actively exploited since March 2026, and it gives any attacker on the network full control over the nginx server …

/telnetd-root-exploit-cve-2026-24061/featured-image.png
CVE-2026-24061. One Command, Root Access: The 11-Year Telnet Bug

January 24, 2026

It’s 2026 and attackers are still getting root shells via Telnet with a single command that requires no password whatsoever. 😏 SSH has existed for 31 …

/fortinet-authentication-bypass-cve-2020-12812-cve-2025-59718/featured-image.jpg
Fortinet Authentication Bypass: A 5-Year-Old Bug Returns While a New One Gets Exploited in 3 Days

December 27, 2025

You buy a firewall to protect your network. In one month, two different authentication bypasses are being actively exploited. One is five years old. One is …

/asus-tplink-authentication-bypass-cve-2025/featured-image.png
Your Router Just Failed: ASUS & TP-Link Critical Vulnerabilities (CVE-2025-59367)

November 16, 2025

Your router protects your home network from the internet. Or it’s supposed to. Two major vendors just proved it doesn’t. 😅 ASUS: CVE-2025-59367 …