Parth Padhiyar

**Name of the Vulnerable Software and Affected Versions** Oqtane Framework version 6.0.0 **Description** The issue concerns Incorrect Access Control, allowing attackers to bypass passcode validation by manipulating the `entityid` parameter. This enables them to log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication. **Recommendations** For Oqtane Framework version 6.0.0, as a temporary workaround, consider restricting the use of the `entityid` parameter until a patch is available. Additionally, disabling client-side authentication and implementing server-side validation can help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.