VMware Tanzu Spring Security: Attackers can log in malicious clients

Due to security issues, authentication is bypassable in the context of VMware Tanzu Spring Security, among other things.
CSO Online

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs ...