PT-2024-33666 · Duende · Duende Identityserver
Name of the Vulnerable Software and Affected Versions: Duende IdentityServer versions 7.0.0 through 7.0.7 Description: The local API authentication handler in Duende IdentityServer performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP...