{“lastseen”:”2026-04-15T16:58:09″,”description”:”It was found out that a user is still able to login at the Kiuwan WebUI via SSO, even if the Kiuwan mapped account has been disabled in the user settings by an admin. This issue has been addressed in version 2.8.2509.4…”,”published”:”2026-04-15T00:00:00″,”modified”:”2026-04-15T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Kiuwan SAST 2.8.2412.0 Improper Enforcement”,”source”:””,”references”:””,”id”:”PACKETSTORM:218979″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-24069″],”sourceData”:”SEC Consult Vulnerability Lab Security Advisory \\u003c 20260414-0 \\u003e\\n =======================================================================\\n title: Improper Enforcement of Locked Accounts in WebUI (SSO)\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 product: Kiuwan SAST on-premise (KOP) \\u0026 cloud\/SaaS\\n \u00a0vulnerable version: \\u003c2.8.2509.4\\n \u00a0 \u00a0 \u00a0 fixed version: 2.8.2509.4\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0CVE number: CVE-2026-24069\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0impact: medium\\n homepage:https:\/\/www.kiuwan.com\/\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 found: 2025-03-31\\n by: Bernhard Gr\u00fcndling (Office Vienna)\\n Fabian W\u00fcrfl (Office Vienna)\\n Johannes Greil (Office Vienna)\\n SEC Consult Vulnerability Lab\\n \\n An integrated part of SEC Consult, an Atos business\\n Europe | Asia\\n \\n https:\/\/www.sec-consult.com\\n \\n =======================================================================\\n \\n Vendor description:\\n ——————-\\n \\”Thorough code inspection is essential for designing secure software products.\\n While your development team may not have time to comb through every line of code,\\n Kiuwan does. For 20 years, it has been the choice of developers to scan code\\n automatically and remediate defects according to security standards like OWASP,\\n CWE, SANS, and CERT.\\n \\n Static application security testing (SAST) scans for security flaws in the source\\n code without running the program. It is a white-box testing method that is the\\n counterpart to dynamic application software testing (DAST), which tests web applications\\n for run-time vulnerabilities. […]\\”\\n \\n Source:https:\/\/www.kiuwan.com\/code-security-sast\/\\n \\n \\n Business recommendation:\\n ————————\\n The vendor provides a patch which should be installed immediately.\\n \\n SEC Consult highly recommends to perform a thorough security review of the product\\n conducted by security professionals to identify and resolve potential further\\n security issues.\\n \\n \\n Vulnerability overview\/description:\\n ———————————–\\n 1) Improper Enforcement of Locked Accounts in WebUI (SSO) (CVE-2026-24069)\\n Kiuwan offers the possibility to enable single sign-on (SSO) for authentication,\\n e.g. through Microsoft ADFS or Azure to authenticate against an active directory.\\n It needs to map the AD user accounts with locally configured accounts for\\n authorization purposes, e.g. to configure the roles and access to applications.\\n SSO users have the local logon disabled and there is no password set, authentication\\n only works via SSO then.\\n \\n It was found out that the user is still able to login at the Kiuwan WebUI via SSO,\\n even if the Kiuwan mapped account has been disabled in the user settings by an admin.\\n The login does not work in the scanner agent (KLA – Kiuwan Local Analyzer) though.\\n There the authorization check seems to be verifying the validity of the account first\\n and throws the error message \\”Failed to authenticate using Single sign-on\\”.\\n \\n \\n Proof of concept:\\n —————–\\n 1) Improper Enforcement of Locked Accounts in WebUI (SSO) (CVE-2026-24069)\\n No specific PoC is necessary. An SSO login is possible even after disabling\\n the Kiuwan mapped user account in the Kiuwan user admin settings.\\n Steps to reproduce:\\n a) Disable user in Kiuwan user settings\\n b) Authenticate via SSO, e.g. through Microsoft ADFS\\n c) Login is possible in the Kiuwan WebUI\\n \\n \\n Vulnerable \/ tested versions:\\n —————————–\\n The following version has been tested which was the latest version available\\n at the time of the test:\\n * 2.8.2412.0\\n \\n \\n Vendor contact timeline:\\n ————————\\n 2025-04-02: Contacting vendor through official Kiuwan ticket system\\n (https:\/\/kiuwan.zendesk.com)\\n Kiuwan support responds that they will take a look into\\n our submission. Support sends us a few details regarding\\n SSO authentication.\\n 2025-04-03: Informing the vendor that we know how SSO auth in Kiuwan\\n works and our vulnerability exploits the improper enforcement\\n of locked accounts.\\n 2025-04-15: Vendor informs us that the issue has been escalated to R\\u0026D.\\n 2025-07-29: Vendor has resolved the issue in the latest Kiuwan Cloud release.\\n 2025-07-29: Asking the vendor regarding the fix for Kiuwan On-Premise.\\n Vendor responds that it is currently being tested for KOP and\\n they will inform us.\\n 2025-11-03: Asking for a status update as we were not informed yet.\\n 2025-11-10: Support team responds that KOP release is expected within the\\n next couple of weeks.\\n 2025-11-24: Issue has been resolved in the latest KOP release.\\n 2025-11-28: Informing vendor that we cannot upgrade\/verify the KOP release yet,\\n scheduled for 2026.\\n 2026-04-14: Public release of advisory.\\n \\n \\n Solution:\\n ———\\n The security issue has been fixed by the vendor on 29th July 2025 for the\\n Kiuwan Cloud solution.\\n \\n The vendor provides a patch for the Kiuwan On-Premises version 2.8.2509.4\\n which can be downloaded from the vendor’s installation page:\\n https:\/\/support.kiuwan.com\/hc\/en-us\/articles\/36356787260433-Kiuwan-On-Premises-Distributed-Installation-Guide\\n \\n \\n Workaround:\\n ———–\\n None\\n \\n \\n Advisory URL:\\n ————-\\n https:\/\/sec-consult.com\/vulnerability-lab\/\\n \\n \\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n \\n SEC Consult Vulnerability Lab\\n An integrated part of SEC Consult, an Atos business\\n Europe | Asia\\n \\n About SEC Consult Vulnerability Lab\\n The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an\\n Atos business. It ensures the continued knowledge gain of SEC Consult in the\\n field of network and application security to stay ahead of the attacker. The\\n SEC Consult Vulnerability Lab supports high-quality penetration testing and\\n the evaluation of new offensive and defensive technologies for our customers.\\n Hence our customers obtain the most current information about vulnerabilities\\n and valid recommendation about the risk profile of new technologies.\\n \\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n Interested to work with the experts of SEC Consult?\\n Send us your applicationhttps:\/\/sec-consult.com\/career\/\\n \\n Interested in improving your cyber security with the experts of SEC Consult?\\n Contact our local officeshttps:\/\/sec-consult.com\/contact\/\\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n \\n Mail: security-research at sec-consult dot com\\n Web:https:\/\/www.sec-consult.com\\n Blog:https:\/\/blog.sec-consult.com\\n X:https:\/\/x.com\/sec_consult\\n \\n EOF Bernhard Gr\u00fcndling, Johannes Greil, Fabian W\u00fcrfl \/ @2026″,”sourceHref”:”https:\/\/packetstorm.news\/download\/218979″,”cvss”:{“score”:5.4,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/218979\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-15T16:58:09″,”description”:”It was found out that a user is still able to login at the Kiuwan WebUI via SSO, even if the Kiuwan mapped account has…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,82,12,21,13,53,7,11,5],"class_list":["post-47249","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-54","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n