Authentication Bypass in hydra

🗓️ 27 May 2021 18:22:43Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 253 Views

Authentication Bypass in hydra. Issue with uniqueness of 'jti' assertion leading to duplicate access token

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Prion	Design/Logic Flaw	6 Apr 202017:15	–	prion
OSV	GO-2022-0786 Authentication Bypass in hydra in github.com/ory/hydra	21 Aug 202415:28	–	osv
OSV	Authentication Bypass in hydra	27 May 202118:43	–	osv
OSV	CVE-2020-5300	6 Apr 202017:15	–	osv
Cvelist	CVE-2020-5300 Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra	6 Apr 202016:30	–	cvelist
CVE	CVE-2020-5300	6 Apr 202017:15	–	cve
Veracode	Replay Attack	7 Apr 202008:14	–	veracode
NVD	CVE-2020-5300	6 Apr 202017:15	–	nvd

Vulners

Node

ory hydraRange<1.4.0

Source	Link
github	www.github.com/ory/hydra/security/advisories/GHSA-3p3g-vpw6-4w66
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-5300
github	www.github.com/ory/hydra/commit/700d17d3b7d507de1b1d459a7261d6fb2571ebe3
github	www.github.com/ory/hydra/releases/tag/v1.4.0
openid	www.openid.net/specs/openid-connect-core-1_0.html
github	www.github.com/advisories/GHSA-3p3g-vpw6-4w66

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 May 2021 18:43Current

5.8Medium risk

Vulners AI Score5.8

CVSS23.5

CVSS35.3 - 5.8

EPSS0.00192

CWE-294