
CVE-2021-32637: Authelia vulnerable to an authentication bypassed with malformed request URI on nginx

CVSS Score (v3.1): 10

Basic Information

EPSS Score: 0.66222%
Published: 12/20/2021
Updated: 4/22/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Package Name: github.com/authelia/authelia/v4
Ecosystem: go
Vulnerable Versions: >= 4.0.0-alpha1, <= 4.29.2
First Patched Version: 4.29.3

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the error handling in the `VerifyGet` function shown in the patch diff. Before the fix, when URL parsing failed (a `ctx.GetOriginalURL()` error), it used `ctx.Error`, which appears to have returned a 200 status code. The patch changes this to explicitly call `ctx.ReplyUnauthorized()`, confirming that the original behavior was insecure. The CVE description explicitly references this `handler_verify.go` file and the authentication bypass scenario when malformed URIs are processed.
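An added illustration, not Authelia's or Miggo's code, of why the status code on that error path matters under nginx's auth_request: a simplified verify handler in Go's net/http (the `X-Original-URL` header name and the JSON error body are assumptions) answered by a model of nginx's rule that any 2xx subrequest reply grants access.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// verifyHandler is a simplified stand-in for a forward-auth endpoint such as
// Authelia's /api/verify (not Authelia's code; the X-Original-URL header name
// is assumed). fixed=false reproduces the pre-4.29.3 error path, which sent a
// JSON error with a 200 status; fixed=true reproduces the patched 401 reply.
func verifyHandler(fixed bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if _, err := url.ParseRequestURI(r.Header.Get("X-Original-URL")); err != nil {
			if fixed {
				w.WriteHeader(http.StatusUnauthorized) // ReplyUnauthorized equivalent
				return
			}
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(http.StatusOK) // the bug: an error body behind a 2xx status
			_, _ = w.Write([]byte(`{"status":"KO","message":"Unable to parse target URL"}`))
			return
		}
		w.WriteHeader(http.StatusUnauthorized) // well-formed URI, no session: deny
	}
}

// nginxAllows models ngx_http_auth_request_module: a 2xx subrequest reply grants access, 401/403 deny.
func nginxAllows(status int) bool { return status >= 200 && status < 300 }

// probe returns the status the auth backend gives an unauthenticated subrequest for originalURL.
func probe(fixed bool, originalURL string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/verify", nil)
	req.Header.Set("X-Original-URL", originalURL)
	verifyHandler(fixed)(rec, req)
	return rec.Code
}

func main() {
	// Constructed inputs: a well-formed URI and one with an invalid percent-escape.
	for _, u := range []string{"https://app.example.com/secure", "https://app.example.com/%zz"} {
		for _, fixed := range []bool{false, true} {
			code := probe(fixed, u)
			fmt.Printf("fixed=%-5v url=%-30s status=%d nginxAllows=%v\n", fixed, u, code, nginxAllows(code))
		}
	}
}
```

Running it shows the unfixed handler answering the unparseable URI with 200, which the nginx model treats as authorized, while the fixed handler answers 401 for both inputs.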

Impact

This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect other
