5 matches found
EUVD-2018-12357
Malware in sbrugna...
Insecure Authorization
loopback allows unauthorized creation of Authentication Tokens. This is due to improper authorization when the AccessToken model is publicly exposed, allowing an attacker, who has knowledge of any target's userId, to create Authentication Tokens for the victim and gain access to the application a...
Authentication flaw
IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...
CVE-2018-1778
IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...
CVE-2018-1778
IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...