MEDIUM Severity
CVE-2025-48027
HttpAuth plugin in pGina.Fork allows authentication bypass
Overview
The HttpAuth plugin in pGina.Fork through 3.9.9.12 is vulnerable to an authentication bypass if an attacker controls DNS resolution for pginaloginserver.
Technical Details
The vulnerability exists because an attacker who can control DNS resolution for pginaloginserver can bypass authentication through the HttpAuth plugin in pGina.Fork through version 3.9.9.12.
CVSS Metrics
- cvss_score: 5.4
- baseSeverity: "MEDIUM"
- attackVector: "NETWORK"
- attackComplexity: "HIGH"
- privilegesRequired: "NONE"
- userInteraction: "NONE"
- scope: "CHANGED"
- confidentialityImpact: "LOW"
- integrityImpact: "LOW"
- availabilityImpact: "NONE"
Impact
Victims can be at risk of unauthorized access.
Recommendations
- Update pGina.Fork to a version later than 3.9.9.12, as the vulnerability no longer exists in later versions.
- Enforce strong DNS security measures.
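As a check to accompany the DNS recommendation, the added example below (not code from pGina.Fork or from this advisory) compares what pginaloginserver resolves to on a workstation against the addresses an administrator expects. The function names and the 192.0.2.10 address are assumptions made for illustration; the advisory does not list the legitimate server address.

```python
import ipaddress
import socket

LOGIN_HOST = "pginaloginserver"  # hostname named in the advisory


def system_resolver(host):
    """Ask the operating system's resolver for every address of host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _parse(addr):
    # Drop an IPv6 zone suffix such as "%eth0" before parsing.
    return ipaddress.ip_address(addr.split("%")[0])


def audit_resolution(expected, host=LOGIN_HOST, resolver=system_resolver):
    """Return (status, unexpected_addresses) for host.

    expected is the administrator's list of legitimate server addresses
    (an assumption of this example; the advisory does not list any).
    """
    allowed = {_parse(a) for a in expected}
    try:
        answers = {_parse(a) for a in resolver(host)}
    except OSError:  # socket.gaierror is a subclass: name did not resolve
        return ("unresolved", [])
    if not answers:
        return ("unresolved", [])
    # Any answer outside the expected set is reported, even if others match.
    unexpected = sorted(str(a) for a in answers - allowed)
    return ("mismatch", unexpected) if unexpected else ("ok", [])


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 stands in for the real login server.
    expected = ["192.0.2.10"]
    status, extra = audit_resolution(expected)
    print(f"{LOGIN_HOST}: {status} {extra}")
```

A result of "mismatch" or "unresolved" means the name is not pinned to the expected server on that host and the resolution path should be reviewed.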
Threat Metrics
- cvss_score: 5.4
- severity: "MEDIUM"
- attack_vector: "NETWORK"
- attack_complexity: "HIGH"