The host is installed with SaltStack Salt before 2019.2.7 or 3000.x before 3000.4 and is prone to an authentication bypass vulnerability. A flaw exists exists within the application, which fails to properly handle improper validation of eauth credentials and tokens. Successful exploitation would allow a user to bypass authentication and make calls to Salt SSH.