22 matches found

ATTACKERKB
added 2026/04/17 8:38 a.m., 2 views

CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...

CVSS 9.3, AI score 5.8, EPSS 0.0038
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/04/17 8:38 a.m., 8 views

CVE-2025-15624

Affected product: Sparx Pro Cloud Server (Sparx Systems). Issue: When OpenID is used as the primary authentication to Sparx EA, Pro Cloud Server creates local passwords for users and stores them in plaintext. Root cause: plaintext storage of credentials as described. Impact: confidentiality a...

CVSS 9.3, AI score 5.8, EPSS 0.0038
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/04/17 8:35 a.m., 27 views

CVE-2025-15622 Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secret. Desktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

CVSS 6.2, EPSS 0.00155
Exploits: 0, References: 1

EUVD
added 2026/04/16 3:31 p.m., 2 views

EUVD-2025-209499

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

CVSS 5.7, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 2

NVD
added 2026/04/16 1:16 p.m., 3 views

CVE-2025-15621

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

CVSS 5.7, EPSS 0.00115
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/16 12:40 p.m., 1 views

CVE-2025-15621

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

CVSS 5.7, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/04/16 12:40 p.m., 16 views

CVE-2025-15621

CVE-2025-15621 affects the Sparx Systems Sparx Enterprise Architect client. The issue is that the client does not verify the receiver of OAuth2 credentials during OpenID authentication, indicating a flaw in credential handling that could allow credential misdirection or leakage within the OAuth/O...

CVSS 5.7, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 1

CNNVD
added 2026/04/16 12:00 a.m., 8 views

Sparx Enterprise Architect Security Vulnerability

Sparx Enterprise Architect is a modeling and design tool developed by the Australian company Sparx. There is a security vulnerability in Sparx Enterprise Architect, which stems from the failure to verify the recipient of OAuth2 credentials during OpenID authentication...

CVSS 5.7, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 1

Snyk
added 2026/03/25 9:10 p.m., 1 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization in the authentication process. An attacker can maintain unauthorized access to resources by using valid API tokens, CalDAV credentials, or OpenID Connect authentication even after the account has been disabled or...

CVSS 8.1, AI score 5.8, EPSS 0.00453
Exploits: 1, References: 2

CNNVD
added 2026/03/25 12:00 a.m., 4 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.4.0 and earlier 11.4.x series, 11.3.1 and earlier 11.3.x series, 11.2.3 and earlier 11.2.x series, as well as 10.11.11 and earlier 10.11.x series. Thes...

CVSS 6.1, AI score 5.9, EPSS 0.0018
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-0580

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01055
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-28556

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.00905
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-2349

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.01076
Exploits: 0, References: 4

BDU FSTEC
added 2025/06/18 12:00 a.m., 4 views

The vulnerability of the OpenID authentication module of the Chamilo LMS system, related to the lack of verification of the validity of XML objects’ sequences, allows attackers to execute arbitrary SQL queries.

The vulnerability of the OpenID authentication module in the Chamilo LMS system relates to the lack of verification of the authenticity of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9.4, AI score 6, EPSS 0.00587
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2025/05/14 10:44 a.m., 8 views

CVE-2025-26864 Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

AI score 7.5, EPSS 0.00684
Exploits: 0, References: 1

OSV
added 2025/04/06 8:02 p.m., 31 views

CVE-2025-31492 mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...

CVSS 8.2, AI score 7.5, EPSS 0.0051
Exploits: 0, References: 5

Cvelist
added 2023/09/15 8:17 p.m., 27 views

CVE-2023-41900 Jetty's OpenId Revoked authentication allows one request

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

CVSS 3.5, AI score 5.2, EPSS 0.00753
Exploits: 1, References: 5

OpenVAS
added 2022/01/28 12:00 a.m., 28 views

Mageia: Security Advisory (MGASA-2016-0240)

The remote host is missing an update for the...

CVSS 9.8, AI score 6.7, EPSS 0.02892
Exploits: 0, References: 12

phpMyAdmin
added 2016/06/23 12:00 a.m., 37 views

XSS through FPD

PMASA-2016-24. Announcement-ID: PMASA-2016-24. Date: 2016-06-23. Summary: XSS through FPD. Description: With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script. Severity: We do not consider this vulnerability to be secure due to the...

CVSS 6.1, AI score 6.8, EPSS 0.01761
Exploits: 0, Affected Software: 1

Fedora
added 2013/09/01 11:09 p.m., 44 views

[SECURITY] Fedora 19 Update: php-pear-Auth-OpenID-2.2.2-7.fc19

An implementation of the OpenID single sign-on authentication protocol...

CVSS 7.5, AI score 2.7, EPSS 0.02997
Exploits: 1