On August 17, 2020, Apache Shiro issued a risk notice about the authentication bypass. The vulnerability number is CVE-2020-13933, vulnerability level is a high risk, vulnerability score is 8.0. Apache Shiro has an authentication bypass vulnerability due to an error in processing the authentication request. A remote attacker can send a specially crafted HTTP request to bypass the authentication process and gain unauthorized access to the application.
- Apache Shiro < 1.6.0
- Apache Shiro 1.6.0
In this regard, we recommend that users upgrade Apache Shiro to the latest version in time.