CVE-2021-45379

8.8 HIGH

📋 TL;DR

CVE-2021-45379 is an authentication bypass vulnerability in Glewlwyd OAuth2/OIDC server where one user can log in as another user without knowing their password. This affects Glewlwyd versions 2.0.0 through 2.6.0. The vulnerability allows unauthorized access to user accounts and their associated permissions.

💻 Affected Systems

Products:
  • Glewlwyd
Versions: 2.0.0 through 2.6.0
Operating Systems: All platforms running Glewlwyd
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative privileges, access sensitive user data, modify configurations, or compromise the entire authentication system.

🟠 Likely Case

Unauthorized access to user accounts leading to data exposure, privilege escalation, and session hijacking.

🟢 If Mitigated

Limited impact with proper network segmentation, monitoring, and multi-factor authentication in place.

🌐 Internet-Facing: HIGH - Authentication servers exposed to the internet are primary targets for credential theft and account takeover.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to escalate privileges or access unauthorized resources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid user account but allows impersonation of other users. The vulnerability is in the authentication logic itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.1

Vendor Advisory: https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Stop the Glewlwyd service.
3. Upgrade to version 2.6.1 or later.
4. Restart the Glewlwyd service.
5. Verify functionality.

🔧 Temporary Workarounds

Network isolation

Restrict access to Glewlwyd to only trusted networks and required clients. Replace [glewlwyd_port] and [trusted_network] with your own values, and keep the ACCEPT rule ahead of the DROP rule as shown, since iptables evaluates rules in order. This limits exposure but does not remove the bypass for accounts that can already reach the server from inside the trusted network.

iptables -A INPUT -p tcp --dport [glewlwyd_port] -s [trusted_network] -j ACCEPT
iptables -A INPUT -p tcp --dport [glewlwyd_port] -j DROP

🧯 If You Can't Patch

  • Implement additional authentication layer (e.g., reverse proxy with extra auth)
  • Enable detailed logging and monitoring for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check Glewlwyd version: if between 2.0.0 and 2.6.0 inclusive, system is vulnerable

Check Version:

Run glewlwyd --version, or query the package manager (apt list --installed | grep glewlwyd)

Verify Fix Applied:

Verify version is 2.6.1 or later and test authentication with different user accounts

📡 Detection & Monitoring

Log Indicators:

  • Multiple successful logins from same IP with different usernames
  • Rapid authentication attempts with different user credentials
  • User logging in from unusual locations/times

Network Indicators:

  • Unusual authentication traffic patterns
  • Multiple authentication requests in short timeframes

SIEM Query:

source="glewlwyd.log" AND (event="authentication_success" AND count() by src_ip > 5 within 1m)
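As an added example (not code from the advisory or from the Glewlwyd project), the first log indicator and the SIEM query above expressed as a sliding-window check over constructed log lines. The line format, the `auth_success`/`auth_failure` event names and the thresholds are assumptions for illustration, not Glewlwyd's real log syntax.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "<ISO timestamp> <event> user=<name> src_ip=<ip>").
# One source IP authenticates as four different users inside 20 seconds; the other is normal.
SAMPLE_LOG = """\
2024-01-10T09:00:01 auth_success user=alice src_ip=203.0.113.7
2024-01-10T09:00:05 auth_success user=bob src_ip=203.0.113.7
2024-01-10T09:00:09 auth_success user=carol src_ip=203.0.113.7
2024-01-10T09:00:12 auth_failure user=dave src_ip=203.0.113.7
2024-01-10T09:00:20 auth_success user=dave src_ip=203.0.113.7
2024-01-10T09:00:30 auth_success user=alice src_ip=198.51.100.4
2024-01-10T09:30:00 auth_success user=alice src_ip=198.51.100.4
2024-01-10T09:31:00 auth_success user=erin src_ip=198.51.100.4
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>auth_\w+) user=(?P<user>\S+) src_ip=(?P<ip>\S+)$")


def parse(log_text):
    """Parse the assumed log format into (timestamp, event, user, src_ip) tuples; skip unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["event"], m["user"], m["ip"]))
    return events


def find_multi_user_sources(events, window=timedelta(minutes=1), min_users=3):
    """Return {src_ip: set_of_users} for IPs that successfully authenticated as at least
    min_users distinct users within any sliding time window of the given length.
    Failed logins are ignored: the indicator is many *successful* logins from one source."""
    by_ip = defaultdict(list)
    for ts, event, user, ip in events:
        if event == "auth_success":
            by_ip[ip].append((ts, user))
    hits = {}
    for ip, items in by_ip.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:  # shrink window from the left
                start += 1
            users = {u for _, u in items[start:end + 1]}
            if len(users) >= min_users:
                hits[ip] = hits.get(ip, set()) | users
    return hits
```

On the sample above only 203.0.113.7 is flagged; 198.51.100.4 shows two users but spread over more than a minute apart from each other and so stays under the threshold.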

🔗 References