Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
SolarWinds Orion API Auth Bypass (cert.org)
1 point by zaltekk on Dec 26, 2020 | hide | past | favorite | 1 comment


> if an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: