CVE-2021-45890

9.8 CRITICAL

📋 TL;DR

CVE-2021-45890 is an authentication bypass vulnerability in AuthGuard's BasicAuthProvider that allows authentication using inactive user identifiers. This affects all systems running AuthGuard versions before 0.9.0 that use basic authentication. Attackers can gain unauthorized access to protected resources by using deactivated or disabled accounts.

💻 Affected Systems

Products:
  • AuthGuard
Versions: All versions before 0.9.0
Operating Systems: All platforms running AuthGuard
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using BasicAuthProvider for authentication. Other authentication providers are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where attackers gain administrative access using deactivated privileged accounts, leading to data theft, system manipulation, or lateral movement.

🟠 Likely Case

Unauthorized access to protected resources and sensitive data using inactive user accounts, potentially leading to privilege escalation.

🟢 If Mitigated

Limited impact with proper monitoring and access controls, but it still represents an authentication bypass that should be addressed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires knowledge of inactive user identifiers and their credentials. The vulnerability is in the authentication logic itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.9.0

Vendor Advisory: https://github.com/AuthGuard/AuthGuard/commit/9783b1143da6576028de23e15a1f198b1f937b82

Restart Required: Yes

Instructions:

1. Update AuthGuard to version 0.9.0 or later.
2. Restart the AuthGuard service.
3. Verify the fix by testing authentication with inactive accounts.

🔧 Temporary Workarounds

Switch to alternative authentication provider

all

Temporarily disable BasicAuthProvider and use a different authentication method until patching is possible.

# Edit AuthGuard configuration to use alternative auth provider
# Restart AuthGuard service

🧯 If You Can't Patch

  • Implement additional authentication layer (2FA/MFA) for all users
  • Monitor authentication logs for attempts using inactive accounts and implement alerting

🔍 How to Verify

Check if Vulnerable:

Test authentication with a known inactive user account. If authentication succeeds, the system is vulnerable.

Check Version:

Check the AuthGuard version in its configuration files or in the application logs.

Verify Fix Applied:

After patching, attempt authentication with an inactive user account. Authentication should fail.

📡 Detection & Monitoring

Log Indicators:

  • Authentication attempts using inactive or disabled user accounts
  • Successful logins from accounts marked as inactive

Network Indicators:

  • Basic authentication requests to AuthGuard endpoints
  • Unusual authentication patterns

SIEM Query:

source="authguard" AND (event="authentication_success" AND user_status="inactive")
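The following is an added illustration, not AuthGuard's own code: a hypothetical, simplified basic-auth check that shows the class of defect described above (credentials verified, account status ignored) beside the corrected check that also requires the account to be active, and a small scan that applies the same condition as the SIEM query to constructed authentication events. Account names, passwords, and the event field names are constructed for the example.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Account:
    identifier: str
    password: str  # plaintext only for this toy; a real store holds password hashes
    active: bool


# Constructed sample accounts (not real AuthGuard data); "carol" has been deactivated.
ACCOUNTS: Dict[str, Account] = {
    "alice": Account("alice", "s3cret", True),
    "carol": Account("carol", "old-pass", False),
}


def basic_header(user: str, password: str) -> str:
    """Build an HTTP 'Authorization: Basic' value for the sample client."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic_header(header: str) -> Optional[Tuple[str, str]]:
    """Decode 'Basic <base64(user:password)>' into (user, password); None if malformed."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def _status(acct: Optional[Account]) -> str:
    if acct is None:
        return "unknown"
    return "active" if acct.active else "inactive"


def _event(outcome: str, user: Optional[str], status: str) -> dict:
    # Shape of the constructed log event; mirrors the fields used in the SIEM query.
    return {"source": "authguard", "event": outcome, "user": user, "user_status": status}


def authenticate_vulnerable(header: str) -> dict:
    """Pre-fix behaviour: the password is checked, the account's active flag is not."""
    creds = parse_basic_header(header)
    if creds is None:
        return _event("authentication_failure", None, "unknown")
    user, password = creds
    acct = ACCOUNTS.get(user)
    if acct is None or acct.password != password:
        return _event("authentication_failure", user, _status(acct))
    return _event("authentication_success", user, _status(acct))


def authenticate_fixed(header: str) -> dict:
    """Corrected behaviour: a deactivated account fails even with valid credentials."""
    creds = parse_basic_header(header)
    if creds is None:
        return _event("authentication_failure", None, "unknown")
    user, password = creds
    acct = ACCOUNTS.get(user)
    if acct is None or acct.password != password or not acct.active:
        return _event("authentication_failure", user, _status(acct))
    return _event("authentication_success", user, _status(acct))


def find_inactive_successes(events: List[dict]) -> List[dict]:
    """Same condition as the SIEM query: successful authentication for an inactive account."""
    return [
        e for e in events
        if e.get("source") == "authguard"
        and e.get("event") == "authentication_success"
        and e.get("user_status") == "inactive"
    ]


if __name__ == "__main__":
    events = [
        authenticate_vulnerable(basic_header("alice", "s3cret")),
        authenticate_vulnerable(basic_header("carol", "old-pass")),  # bypass: succeeds
        authenticate_fixed(basic_header("carol", "old-pass")),       # patched: fails
    ]
    for hit in find_inactive_successes(events):
        print("ALERT inactive account authenticated:", hit)
```

Running the module prints one alert, for the deactivated account that the pre-fix check let through; after the fix the same request produces an `authentication_failure` event with `user_status` set to `inactive`, which is what the "Verify Fix Applied" step above looks for.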

🔗 References
