Broken Authentication
摘要
When Ivanti security engineers received an urgent alert in July 2023, they discovered a critical zero-day vulnerability in Ivanti Endpoint Manager Mobile, the enterprise software managing countless government and corporate mobile devices worldwide. CVE-2023-35078 represented a complete authentication bypass that had been actively exploited for weeks before detection. The vulnerability affected several Norwegian government ministries and posed a significant threat to organizations globally.