Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
CPE | Name | Operator | Version |
---|---|---|---|
broker_api | lt | 3.0.2 | |
on_demand_services_sdk | lt | 0.24.0 |