Architecture Digest
Jan 18, 2021 · Information Security
Authentication Bypass Vulnerability in Nacos 1.4.1 (User‑Agent and Server Identity)
The article analyzes a bypass flaw in Nacos 1.4.1 where the serverIdentity key‑value authentication can be evaded by crafting URLs with a trailing slash, allowing attackers to list, create, and log in as users despite the intended security checks.
Authentication BypassNacosSecurity Vulnerability
0 likes · 8 min read