Lucene search
PRIOn knowledge basePRION:CVE-2024-23656HistoryJan 25, 2024 - 8:15 p.m.
Authentication flaw
2024-01-2520:15:00
PRIOn knowledge base
www.prio-n.com
5
authentication
openid connect
dex 2.37.0
https
tls 1.0
tls 1.1
tls 1.2
cipher suites
tls cert reloader
vulnerability
nvd
dex 2.38.0
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.
Related
osv
osv
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
2024-01-26 01:57:31
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex
2024-06-28 15:28:53
CVE-2024-23656
2024-01-25 20:15:41
cvelist
cvelist
nvd
nvd
CVE-2024-23656
2024-01-25 20:15:41
cve
cve
CVE-2024-23656
2024-01-25 20:15:41
github
github
cgr
cgr
CVE-2024-23656 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Inadequate TLS Encryption
2024-01-29 08:00:05
wolfi
wolfi
CVE-2024-23656 vulnerabilities
2024-07-01 09:08:36