CVE-2021-45890

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-45890

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-45890.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-45890

Published

2021-12-27T20:15:07Z

Modified

2025-09-19T13:28:53.244535Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.

References

Affected packages

Git / github.com/authguard/authguard

Affected ranges

Type: GIT
Repo: https://github.com/authguard/authguard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9783b1143da6576028de23e15a1f198b1f937b82

Affected versions

0.*

0.3.0

v0.*

v0.3.0

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.8.0

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "file": "basic-auth/src/test/java/com/nexblocks/authguard/basic/BasicAuthProviderTest.java"
            },
            "id": "CVE-2021-45890-3716e3c1",
            "source": "https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82",
            "digest": {
                "line_hashes": [
                    "167451568374590941642638019719435585980",
                    "244461828869912855486190070844818968020",
                    "110533295592723580884075625693817486629",
                    "6727291960660647492694646324850011975",
                    "195524628311366956063717402381845051477",
                    "70824970217294445646298249717423644273",
                    "239757304757888333073196595667093680713"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "target": {
                "file": "basic-auth/src/main/java/com/nexblocks/authguard/basic/BasicAuthProvider.java",
                "function": "verifyCredentialsAndGetAccount"
            },
            "id": "CVE-2021-45890-37777aba",
            "source": "https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82",
            "digest": {
                "length": 607.0,
                "function_hash": "156748055427572707027455893573753558502"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "target": {
                "file": "basic-auth/src/main/java/com/nexblocks/authguard/basic/BasicAuthProvider.java",
                "function": "verifyCredentialsAndGetAccount"
            },
            "id": "CVE-2021-45890-7f9b402a",
            "source": "https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82",
            "digest": {
                "length": 326.0,
                "function_hash": "31423526453879081218906602053074544697"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "target": {
                "file": "service-api/src/main/java/com/nexblocks/authguard/service/exceptions/codes/ErrorCode.java"
            },
            "id": "CVE-2021-45890-8f69176a",
            "source": "https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82",
            "digest": {
                "line_hashes": [
                    "30339207016731526823475821203145998952",
                    "237493918917445117086843407447476730824",
                    "195696297985794415947037894285166722498",
                    "59030671861724921690586633073770806895"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "target": {
                "file": "basic-auth/src/test/java/com/nexblocks/authguard/basic/BasicAuthProviderTest.java",
                "function": "authenticate"
            },
            "id": "CVE-2021-45890-c185195a",
            "source": "https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82",
            "digest": {
                "length": 1023.0,
                "function_hash": "313821238547583351448578767452514814025"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "target": {
                "file": "service-api/src/main/java/com/nexblocks/authguard/service/model/UserIdentifier.java"
            },
            "id": "CVE-2021-45890-e0fddcc2",
            "source": "https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82",
            "digest": {
                "line_hashes": [
                    "201559486459685630455182539774519015215",
                    "305309987987366996116947124261328106850",
                    "25689703975335259379157252414779480968",
                    "46124762262897755457166005675124312426"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "target": {
                "file": "basic-auth/src/main/java/com/nexblocks/authguard/basic/BasicAuthProvider.java"
            },
            "id": "CVE-2021-45890-e992fe6f",
            "source": "https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82",
            "digest": {
                "line_hashes": [
                    "22214750003900349557462986305969541362",
                    "126448820680283142044260122981539736148",
                    "92373096140101911942297410542047478189",
                    "61481259893629621771726770020027193290",
                    "174772473666014353802964198251701151796",
                    "179700644048307070213302642732886322410",
                    "217235780360665246504306858829811732265",
                    "323853222717439550910662091304485431350",
                    "296652433523478802321946300034504237957",
                    "146000067014268965655070353432237092140",
                    "234040505066537207772850258631597931717",
                    "332694152203992319604560548049949212272",
                    "136872266342728900586140003671738504004",
                    "325681963130043785140076653370785752449",
                    "108015144445120882093882979612440175278",
                    "218403671869182823479685485069552104671",
                    "311723854284278882750727088753999027533",
                    "325039254501209277499457548022885147493"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false
        }
    ]
}