290 matches found
Authorization
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...
ApiFest OAuth 2.0 Server Input Validation Error Vulnerability
ApiFest OAuth 2.0 Server is an open-source Java implementation of the OAuth 2.0 protocol from ApiFest. A security vulnerability exists in ApiFest OAuth 2.0 Server version 0.3.1, which stems from not validating the redirect URI according to RFC 6749, which can be exploited by an...
Malicious code in uphold-authorization-code-oauth-sample (npm)
Source: ghsa-malware 5f9fcf4a7641090bcac961c4bf198b220a96562cb48390c5bf3bc8ed1053de38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6805 Malicious code in uphold-authorization-code-oauth-sample (npm)
Source: ghsa-malware 5f9fcf4a7641090bcac961c4bf198b220a96562cb48390c5bf3bc8ed1053de38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uphold-authorization-code-oauth (npm)
Source: ghsa-malware 8e98b7280da6cbb8c745119a06b97f7c1c78e2f55333d2cb612565044e85008d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6804 Malicious code in uphold-authorization-code-oauth (npm)
Source: ghsa-malware 8e98b7280da6cbb8c745119a06b97f7c1c78e2f55333d2cb612565044e85008d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for Insufficient Verification of Data Authenticity in Jetbrains Hub
CVE-2022-25262 PoC + vulnerability details for CVE-2022-25262...
Denial Of Service (DoS)
Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction on the number of requests initiating the Authorization Request for the Authorization Code Grant, allowing an attacker to exhaust system resources by sending multiple requests with a sing...
GHSA-C2CP-3XJ9-97W9 Denial of service in Spring Security OAuth2
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
OAuth consent phishing, in the wild
TL;DR An interesting incident response investigation showed exploitation of a recent OAuth related consent-phishing issue. We had been asked to investigate as the organisation had noticed some odd behaviours in the mailbox of one of the exec team. The mailbox was being queried using GraphAPI and...
GHSA-F263-C949-W85G Improper Authorization in Google OAuth Client
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
GHSA-W9JG-GVGR-354M Resource Exhaustion in Spring Security
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
CVE-2021-22119
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
Code Injection
Overview oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid...
GHSA-2FW4-MGQ9-39CX Code Injection in oauth2-server
oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
SmartAgent 3.1.0 Privilege Escalation
Exploit Title: SmartAgent 3.1.0 - Privilege Escalation Date: 01-11-2021 Exploit Author: Orion Hridoy Vendor Homepage: https://www.smartagent.io/ Version: Build 3.1.0 Tested on: Windows 10/Kali Linux A Low grade user like ViewOnly can create an account with SuperUser permission. Steps To Reproduce...
JFrog Artifactory < 7.10.2 Authentication Bypass
An authentication bypass vulnerability exists in JFrog Artifactory prior to 7.10.2 due to a vulnerability in the google-oauth-client library. An unauthenticated, remote attacker can exploit this by using a malicious app on the client-side to obtain the authorization code and use it to gain...
GHSA-58R4-H6V8-JCVM Regression in JWT Signature Validation
Overview Versions after and including 2.3.0 are improperly validating the JWT token signature when using the JWTValidator.verify method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and...
SRC-2021-0018 : Microsoft SharePoint Server OAuth Authorization Code Leak Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to elevate privileges. User interaction is required to exploit this vulnerability. The specific flaw exists in the oauthauthorize page. The issue results from a missing X-Frame-Options header when performing an authorizati...