290 matches found
CVE-2019-11269
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
Open Redirection
spring-security-oauth2 is vulnerable to open redirection. A remote attacker is able to modify the redirect_uri parameter and redirect users to a malicious site to steal confidential information such as authorization code, username and password...
CVE-2019-3778
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...
spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...
Open Redirection
spring-security-oauth2 is vulnerable to open redirection. A lack of validation on the redirect_uri parameter allows an attacker to manipulate the redirect URI by sending a malicious request to the authorization endpoint using the authorization code grant type and cause the authorization server to...
Timing Attack Vulnerability In Basic Authentication
Action Controller in the actionpack gem has a flaw in the way it compares usernames and passwords in the basic authentication authorization code. Due to the flaw, attackers can launch a timing attack by analyzing the time taken by a response and use the difference to find a valid username and...
GHSA-685W-VC84-WXCX Doorkeeper vulnerable to Cross-site Request Forgery
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors...
Fathom 2.4 - Denial Of Service (PoC)
Fathom 2.4 - Denial Of Service PoC Exploit Title: Fathom 2.4 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-28 Homepage: https://fathom.concord.org/ Software Link: https://fathom.concord.org/download/ Tested Version: v2.4 Tested on OS: Windows 7 32-bit Steps to...
Shining a Light on OAuth Abuse with PwnAuth
Introduction Spear phishing attacks are seen as one of the biggest cyber threats to an organization. It only takes one employee to enter their credentials or run some malware for an entire organization to become compromised. As such, companies devote significant resources to preventing credential...
Analysis of RCE with spring-security-oauth2 (CVE-2018-1260)
Vulnerability advisory. Environment setup: use an existing demo from GitHub: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git Make sure the imported spring-security-oauth2 is an affected version; the one used here is 2.0.10. Go into spring-security-oauth2-example and modify line 67 of cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java: @Override public void...
keycloak: account hijacking via auth code fixation
It was found that Keycloak did not implement the authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks...
Harvest: CSRF token fixation in Sign in with Google
Hi, There is CSRF token fixation in Sign in with Google at https://id.getharvest.com/sessions/new. The state parameter is the same for every login: https://id.getharvest.com/oauth2/callback?state=%7B%22intent%22:%22sign-in%22%7D&code=code Steps to reproduce: 1. Go to...
Holy redirect_uri Batman!
If you bought the book I have been writing with Justin Richer, namely OAuth 2 in Action, you might have noticed that we never get tired of stressing how important the redirect_uri is in the OAuth 2 universe. Failing to understand this rather simple concept might lead to disasters. The...
Vimeo: API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass
OAuth2 API makes it possible for users to grant access to their accounts to some third-side applications. Of course, users are able to manage such applications' access to their accounts and may deny access for any application. When some user denies access for the application, all access tokens are...
Top 5 OAuth 2 Implementation Vulnerabilities
Heya, back to my favourite topic, namely OAuth. I have previously discussed common OAuth 2 implementation vulnerabilities, but now it is maybe time to list them and order them by criticality. 5. The Postman Always Rings Twice: I introduced this 'attack' in last year's post...
CVE-2014-8144
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors...
Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier.
Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier allows remote attackers to hijack the user's OAuth authorization code. This vulnerability has been assigned the CVE identifier CVE-2014-8144. Doorkeeper's endpoints didn't have CSRF protection. Any HTML document on the...
OAuth authentication memory vulnerability caution a user identity hijacking-vulnerability warning-the black bar safety net
As with OpenSSL, OAuth (Open Authorization), a widely used open-source third-party login authentication protocol, also had a security vulnerability exposed this year. In the third session of the know the security Forum, from Sina Weibo of the blue di snowball shows Sina as early as year 3 months...