CVE-2020-13933: Apache Shiro Authentication Bypass Vulnerability Alert
On August 17, 2020, Apache Shiro issued a risk notice about the authentication bypass. The vulnerability number is CVE-2020-13933, vulnerability level is a high risk, vulnerability score is 8.0. Apache Shiro has an authentication bypass vulnerability due to an error in processing the authentication request. A remote attacker can send a specially crafted HTTP request to bypass the authentication process and gain unauthorized access to the application.
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password, and session management.
Affected version
- Apache Shiro < 1.6.0
Unaffected version
- Apache Shiro 1.6.0
Solution
In this regard, we recommend that users upgrade Apache Shiro to the latest version in time.
