{"id":"CVE-2021-45890","details":"basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.","modified":"2026-04-12T09:22:04.976502Z","published":"2021-12-27T20:15:07.480Z","references":[{"type":"ADVISORY","url":"https://github.com/AuthGuard/AuthGuard/compare/v0.8.0...v0.9.0"},{"type":"REPORT","url":"https://github.com/AuthGuard/AuthGuard/issues/166"},{"type":"FIX","url":"https://github.com/AuthGuard/AuthGuard/commit/9783b1143da6576028de23e15a1f198b1f937b82"},{"type":"FIX","url":"https://github.com/AuthGuard/AuthGuard/pull/181"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/AuthGuard/AuthGuard","events":[{"introduced":"0"},{"fixed":"d8fb797b20c39719c70132d4c83e656521e471ad"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.9.0"}]}},{"type":"GIT","repo":"https://github.com/authguard/authguard","events":[{"introduced":"0"},{"fixed":"9783b1143da6576028de23e15a1f198b1f937b82"}]}],"versions":["0.3.0","v0.6.0","v0.6.1","v0.7.0","v0.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45890.json","vanir_signatures_modified":"2026-04-12T09:22:04Z","vanir_signatures":[{"source":"https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82","target":{"file":"basic-auth/src/test/java/com/nexblocks/authguard/basic/BasicAuthProviderTest.java"},"signature_type":"Line","digest":{"line_hashes":["167451568374590941642638019719435585980","244461828869912855486190070844818968020","110533295592723580884075625693817486629","6727291960660647492694646324850011975","195524628311366956063717402381845051477","70824970217294445646298249717423644273","239757304757888333073196595667093680713"],"threshold":0.9},"id":"CVE-2021-45890-3716e3c1","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82","target":{"function":"verifyCredentialsAndGetAccount","file":"basic-auth/src/main/java/com/nexblocks/authguard/basic/BasicAuthProvider.java"},"signature_type":"Function","digest":{"length":607,"function_hash":"156748055427572707027455893573753558502"},"id":"CVE-2021-45890-37777aba","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82","target":{"function":"verifyCredentialsAndGetAccount","file":"basic-auth/src/main/java/com/nexblocks/authguard/basic/BasicAuthProvider.java"},"signature_type":"Function","digest":{"length":326,"function_hash":"31423526453879081218906602053074544697"},"id":"CVE-2021-45890-7f9b402a","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82","target":{"file":"service-api/src/main/java/com/nexblocks/authguard/service/exceptions/codes/ErrorCode.java"},"signature_type":"Line","digest":{"line_hashes":["30339207016731526823475821203145998952","237493918917445117086843407447476730824","195696297985794415947037894285166722498","59030671861724921690586633073770806895"],"threshold":0.9},"id":"CVE-2021-45890-8f69176a","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82","target":{"function":"authenticate","file":"basic-auth/src/test/java/com/nexblocks/authguard/basic/BasicAuthProviderTest.java"},"signature_type":"Function","digest":{"length":1023,"function_hash":"313821238547583351448578767452514814025"},"id":"CVE-2021-45890-c185195a","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82","target":{"file":"service-api/src/main/java/com/nexblocks/authguard/service/model/UserIdentifier.java"},"signature_type":"Line","digest":{"line_hashes":["201559486459685630455182539774519015215","305309987987366996116947124261328106850","25689703975335259379157252414779480968","46124762262897755457166005675124312426"],"threshold":0.9},"id":"CVE-2021-45890-e0fddcc2","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/authguard/authguard/commit/9783b1143da6576028de23e15a1f198b1f937b82","target":{"file":"basic-auth/src/main/java/com/nexblocks/authguard/basic/BasicAuthProvider.java"},"signature_type":"Line","digest":{"line_hashes":["22214750003900349557462986305969541362","126448820680283142044260122981539736148","92373096140101911942297410542047478189","61481259893629621771726770020027193290","174772473666014353802964198251701151796","179700644048307070213302642732886322410","217235780360665246504306858829811732265","323853222717439550910662091304485431350","296652433523478802321946300034504237957","146000067014268965655070353432237092140","234040505066537207772850258631597931717","332694152203992319604560548049949212272","136872266342728900586140003671738504004","325681963130043785140076653370785752449","108015144445120882093882979612440175278","218403671869182823479685485069552104671","311723854284278882750727088753999027533","325039254501209277499457548022885147493"],"threshold":0.9},"id":"CVE-2021-45890-e992fe6f","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}