Warpgate · Warpgate · CVE-2023-48712
**Name of the Vulnerable Software and Affected Versions**
Warpgate versions prior to 0.9.0
**Description**
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions, a non-admin user's account can be used to escalate privileges: limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password, they can subsequently enter a valid non-admin username and password and will be logged in as the admin user.
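As an added example that is not Warpgate's own code, the following Rust model shows one way the behaviour described above can arise (a username remembered from a failed attempt is reused when the next password check succeeds) beside a hardened version that binds the session to the identity whose credentials were actually verified. The user database, the `LoginSession` type and its `pending_user` field are constructed assumptions for illustration.

```rust
use std::collections::HashMap;

/// Constructed user database: username -> (password, is_admin). Sample values only.
fn users() -> HashMap<&'static str, (&'static str, bool)> {
    HashMap::from([
        ("admin", ("correct-horse", true)),
        ("alice", ("battery-staple", false)),
    ])
}

/// Hypothetical per-browser login state kept across attempts in one session.
#[derive(Default)]
struct LoginSession {
    /// Username remembered from the first attempt (assumed field, not Warpgate's).
    pending_user: Option<String>,
}

/// Vulnerable model: a failed attempt leaves `pending_user` set, and a later
/// success establishes a session for the remembered user rather than for
/// the user whose password actually matched.
fn login_vulnerable(s: &mut LoginSession, user: &str, pass: &str) -> Option<String> {
    if s.pending_user.is_none() {
        s.pending_user = Some(user.to_string());
    }
    match users().get(user) {
        Some((p, _)) if *p == pass => s.pending_user.take(),
        _ => None, // state is NOT cleared on failure: this is the defect
    }
}

/// Hardened model: any outcome resets the remembered state, and a successful
/// check always yields the identity that was just verified.
fn login_fixed(s: &mut LoginSession, user: &str, pass: &str) -> Option<String> {
    s.pending_user = None;
    match users().get(user) {
        Some((p, _)) if *p == pass => Some(user.to_string()),
        _ => None,
    }
}

/// Whether the named account carries admin rights in the constructed database.
fn is_admin(user: &str) -> bool {
    users().get(user).map_or(false, |(_, admin)| *admin)
}

fn main() {
    let mut s = LoginSession::default();
    let _ = login_vulnerable(&mut s, "admin", "wrong");
    let who = login_vulnerable(&mut s, "alice", "battery-staple").unwrap();
    println!("vulnerable: alice's password produced a session for {who} (admin={})", is_admin(&who));
    let mut s = LoginSession::default();
    let _ = login_fixed(&mut s, "admin", "wrong");
    let who = login_fixed(&mut s, "alice", "battery-staple").unwrap();
    println!("fixed: alice's password produced a session for {who} (admin={})", is_admin(&who));
}
```

A regression test for this class of bug is the two-step sequence itself: a failed attempt under one username followed by a valid login under another must never yield the first identity.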
**Recommendations**
For versions prior to 0.9.0, upgrade to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider configuring multi-factor authentication to minimize the risk of exploitation. Restrict access to the login screen for non-admin users until the upgrade is applied.