CVE-2020-13933: Apache Shiro Authentication Bypass Vulnerability Alert

On August 17, 2020, Apache Shiro issued a risk notice about the authentication bypass. The vulnerability number is CVE-2020-13933, vulnerability level is a high risk, vulnerability score is 8.0. Apache Shiro has an authentication bypass vulnerability due to an error in processing the authentication request. A remote attacker can send a specially crafted HTTP request to bypass the authentication process and gain unauthorized access to the application.

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password, and session management.

Affected version

  • Apache Shiro < 1.6.0

Unaffected version

  • Apache Shiro 1.6.0

Solution

In this regard, we recommend that users upgrade Apache Shiro to the latest version in time.