CVE-2023-1462

Vadi Corporate Information Systems · DigiKent

An authorization bypass vulnerability in Vadi Corporate Information Systems DigiKent allows attackers to abuse authentication mechanisms.

Executive summary

A critical authorization bypass vulnerability in Vadi Corporate Information Systems DigiKent allows attackers to abuse authentication and gain unauthorized access.

Vulnerability

The vulnerability is an authorization bypass through a user-controlled key: the application relies on a client-supplied identifier when deciding what a user may access, rather than on the identity established at login. This allows an attacker to bypass authentication and gain unauthorized access to the application, including features that are meant to be protected by authentication.
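
The following is an added, constructed illustration of this weakness class (authorization bypass through a user-controlled key) and its fix; it is not DigiKent code, and the record store, session object and handler names are assumptions made for the example.

```python
"""Constructed model of an authorization bypass through a user-controlled key.
The vulnerable handler trusts the key the client sends; the fixed handler
binds the lookup to the identity the server established at login."""
from dataclasses import dataclass

# Constructed sample data: two users, each owning exactly one record.
RECORDS = {
    101: {"owner": "alice", "data": "alice's account record"},
    202: {"owner": "bob", "data": "bob's account record"},
}


@dataclass
class Session:
    """Identity established server-side at login; the client cannot alter it."""
    user: str


class Forbidden(Exception):
    pass


def get_record_vulnerable(session: Session, requested_id: int) -> dict:
    """Trusts the client-supplied key: any logged-in user can read any record.
    The session is accepted but never consulted, which is the defect."""
    return RECORDS[requested_id]


def get_record_fixed(session: Session, requested_id: int) -> dict:
    """Looks the record up, then enforces ownership against the server-side session."""
    record = RECORDS.get(requested_id)
    if record is None or record["owner"] != session.user:
        # One response for "missing" and "not yours", so the caller cannot
        # use the error to learn which keys exist.
        raise Forbidden("record not accessible")
    return record


def can_access(session: Session, requested_id: int, handler) -> bool:
    """True if the given handler would return the record to this session."""
    try:
        handler(session, requested_id)
        return True
    except (Forbidden, KeyError):
        return False
```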

Business impact

With a CVSS score of 8.8, this flaw is highly severe. Unauthorized access to the DigiKent system could lead to the exposure of sensitive municipal or corporate data, unauthorized modification of records, and significant reputational damage.

Remediation

Immediate Action: Update Vadi Corporate Information Systems DigiKent to a version released on or after 23.03.20.

Proactive Monitoring: Audit application access logs for any irregular authentication patterns or unauthorized user activities.

Compensating Controls: Implement strict network access controls to limit exposure of the application and consider multi-factor authentication (MFA) if supported.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Authentication bypasses are critical vulnerabilities that must be addressed immediately. Organizations should verify their DigiKent version and perform the necessary updates to ensure that access controls are properly enforced and the system is secured against unauthorized entry.