Zero-day authentication bypass vulnerability discovered in Apache OFBiz ERP system

Here’s an interesting article on an OfBiz security vulnerability:

It looks like it was fixed with this commit: Replaced direct null checks on username, password, and token with Uti… · apache/ofbiz-framework@fb51a0e · GitHub

Just thought I’d share. Make sure to update your OfBiz instances if you haven’t already

1 Like