phpBB forum fixes auth bypass bug lurking for a decade
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]
Stay updated on the latest bypass techniques threatening information security. Discover defenses and trends in system vulnerabilities with our insights.
Search across headline titles and summaries.
Background for this topic.
Bypass describes attacker methods that circumvent specific security controls, such as authentication checks, input validation, or detection systems, without directly exploiting the underlying vulnerability. These techniques often leverage design flaws, misconfigurations, or protocol weaknesses to evade protections like firewalls, multi-factor authentication, or antivirus scanning.
Bypassing controls can enable unauthorized access, data exfiltration, or persistent presence while avoiding alerts, complicating detection and response. Effective defense requires layered security measures, rigorous configuration management, and continuous validation of control effectiveness to identify and close bypass paths before attackers exploit them.
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]
Another day, another Windows exploit code
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender
Critical phpBB authentication bypass lets attackers hijack any account with one request
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol