Tag: Authentication
Problems related to user or service authentication, such as invalid tokens or failed logins
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0029 (Low; Impact: 6/10; Mitigation: 5/10) | Loki fails to retrieve AWS credentials when specifying S3 endpoint with IRSA | When deploying Grafana Loki with AWS S3 as the storage backend and specifying a custom S3 endpoint (e.g., for FIPS compliance or GovCloud regions), Loki may fail to retrieve AWS credentials via IAM Roles for Service Accounts (IRSA). This results in errors during startup or when attempting to upload index tables, preventing Loki from functioning correctly. | Storage | loki | Loki, S3, AWS, Irsa, Storage, Authentication, Helm, Public |
| CRE-2025-0064 (High; Impact: 5/10; Mitigation: 2/10) | Terraform Cloud Authentication Failure | This error occurs when Terraform Cloud authentication fails due to missing or invalid API tokens, workspace or organization misconfiguration, or insufficient permissions. | Provisioning Problems | terraform | Terraform, Permissions, Authentication |
| CRE-2025-0131 (High; Impact: 10/10; Mitigation: 4/10) | Supabase Self-Hosted: JWT Secret Missing or Invalid Configuration | Detects when Supabase self-hosted services fail due to missing, empty, or invalid JWT_SECRET configuration. This affects Auth service, REST API, and all authentication-dependent operations. Invalid JWT secrets prevent API token validation and break the entire authentication flow. | authentication | supabase | Supabase, Authentication, JWT, Configuration, Security, Api Key, Self-Hosted, Public |
| CRE-2025-0136 (Medium; Impact: 8/10; Mitigation: 3/10) | Supabase Self-Hosted: Auth Service Fails Due to Port Binding Conflict | Detects when Supabase Auth service (GoTrue) fails to start because the configured port is already in use by another service. This prevents user authentication, registration, and all auth-related operations from functioning in the self-hosted Supabase deployment. | authentication | docker | Supabase, Authentication, Port Binding, Configuration, Startup Failure, Self-Hosted, GoTrue, Public |
| CRE-2025-0174 (Critical; Impact: 7/10; Mitigation: 8/10) | Redis Authentication Failures and ACL Permission Denials | Detects Redis authentication failures including wrong passwords, missing authentication, and ACL permission denials. These errors prevent legitimate clients from accessing Redis and may indicate security misconfigurations or attempted unauthorized access. | In-Memory Database Problems | redis | Redis, Authentication, Security, ACL, Wrong Password |
| CRE-2025-0200 (Critical; Impact: 10/10; Mitigation: 7/10) | Redis Comprehensive Troubleshooting - Multiple Common Issues Detection | Comprehensive detection rule for multiple common Redis troubleshooting scenarios, including: 1. Out-of-Memory (OOM) errors when the maxmemory limit is exceeded; 2. Connection timeouts and connectivity issues; 3. Authentication failures and permission denials; 4. Invalid commands and argument errors; 5. Background save (BGSAVE) conflicts and persistence issues; 6. Slow query performance problems; 7. Read-only replica write attempts; 8. Disk persistence failures (MISCONF errors); 9. Client connection limits exceeded; 10. Memory pressure and eviction warnings | In-Memory Database Problems | redis | Redis, Redis CLI, Redis Py, Out of Memory, Connection, Authentication, Persistence, Performance, READONLY, MISCONF, ACL, Public |