Warpgate · Warpgate · CVE-2023-37268
**Name of the Vulnerable Software and Affected Versions**
Warpgate versions prior to 0.7.3
**Description**
Warpgate is an SSH, HTTPS, and MySQL bastion host for Linux that does not require special client apps. An issue exists where an attacker may authenticate as another user when logging in as a user with SSO enabled. Any user account without a second factor enabled could be compromised.
**Recommendations**
For versions prior to 0.7.3, upgrade to version 0.7.3 or later to resolve the issue.
For users unable to upgrade, require their users to use a second factor in authentication as a temporary workaround.