CVE-2009-2422 in Ruby on Rails and Apple Products
Published on July 10, 2009
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
Products Associated with CVE-2009-2422
stack.watch emails you whenever new vulnerabilities are published in Ruby on Rails or Apple macOS. Just hit a watch button to start following.
Exploit Probability
EPSS
0.40%
Percentile
60.45%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.