38 matches found
Design/Logic Flaw
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...
CVE-2023-0091
CVE-2023-0091 is tracked by Red Hat and affects Red Hat Single Sign-On (which is based on Keycloak). Description from the Red Hat advisories: the Client Registration endpoint does not check token revocation in the client credential flow, enabling potential unauthorized access or modification of ...
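The Keycloak entry above describes a token check that stops at signature and expiry and never asks whether the token was revoked. The Python below is an added illustration of that bug class and is not Keycloak's or Red Hat's code: it mints an HS256 token, verifies it offline (signature plus `exp` only), and then shows that the same token still passes offline verification after its `jti` has been revoked, while a verifier that also consults the revocation store rejects it. The signing key, client id, `jti` values and the in-memory revocation set are constructed for the example; a real resource server would consult the issuer's revocation state or an introspection endpoint instead of a local set.

```python
import base64
import hashlib
import hmac
import json

# Constructed shared HS256 key for this example only (assumption: symmetric signing).
SIGNING_KEY = b"constructed-hs256-key-for-this-example"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(client_id: str, jti: str, lifetime: int, now: int) -> str:
    """Issue a compact JWT for a client-credentials grant (illustrative layout)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(
        {"sub": client_id, "jti": jti, "iat": now, "exp": now + lifetime}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_offline(token: str, now: int):
    """Signature and expiry only. Returns the claims, or None if the token is bad.
    This is the check that a revoked-but-unexpired token still satisfies."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) <= now:
        return None
    return claims


# Constructed revocation store: set of revoked token ids (jti).
REVOKED_JTIS = set()


def revoke(jti: str) -> None:
    REVOKED_JTIS.add(jti)


def verify_with_revocation(token: str, now: int):
    """Offline checks plus a revocation lookup; this is the missing step."""
    claims = verify_offline(token, now)
    if claims is None or claims.get("jti") in REVOKED_JTIS:
        return None
    return claims


def demo(now: int = 1_700_000_000) -> dict:
    token = mint_token("svc-a", "jti-1", 300, now)
    before = verify_offline(token, now + 10) is not None
    revoke("jti-1")
    return {
        "valid_before_revocation": before,
        "offline_still_accepts_after_revocation": verify_offline(token, now + 10) is not None,
        "revocation_aware_rejects": verify_with_revocation(token, now + 10) is None,
        "both_reject_after_expiry": verify_offline(token, now + 400) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point to carry over to a real deployment: a JWT that is self-contained says nothing about revocation, so any flow that must honour revocation (client credentials included) needs a server-side lookup, either against the issuer's revocation state or via RFC 7662 token introspection, in addition to the local signature and expiry checks.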
CVE-2022-27866
| creationtimestamp | type | source |
|---|---|---|
| 2022-07-30 00:13:56+00:00 | seen | https://t.me/cibsecurity/47299... |
Cloud Foundry UAA Denial of Service through client token revocation endpoint
An issue was discovered in Cloud Foundry Foundation cf-release all versions prior to v279 and UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other...
McAfee Total Protection Elevation of Privilege Vulnerability
McAfee Total Protection MTP is a one-stop security suite. An elevation of privilege vulnerability exists in McAfee Total Protection prior to version 16.0.32. An attacker could exploit this vulnerability to elevate privileges by emulating a client token...
CVE-2021-23891
Privilege Escalation vulnerability in McAfee Total Protection MTP prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense...
Privoxy Security Vulnerability
Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...
CVE-2020-5426
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...
CVE-2020-5426 affects the TAS Scheduler prior to version 1.4.0, which could transmit the UAA client token in plaintext over non-TLS connections. The risk is influenced by MySQL server configuration used to cache the token; interception could grant an attacker admin-level access in the cloud contr...
CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
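The Spacewalk entry describes a checksum that is computed over concatenated fields without any delimiter, so digits can be moved from one numeric field into the next without changing the hashed bytes. The Python below is an added example of that bug class and is not Spacewalk's code: the field layout (user id, issue time, expiry), the HMAC construction and the secret are assumptions made for the illustration. The vulnerable checksum hashes the bare concatenation; the hardened one length-prefixes each field so the field boundaries are part of what is authenticated.

```python
import hashlib
import hmac

# Constructed server-side secret for this example only.
SECRET = b"constructed-secret-for-this-example"


def vulnerable_checksum(user_id: str, issued_at: str, expires: str) -> str:
    """Checksum over the bare concatenation of the fields.
    The boundaries are not hashed, so ("31", "1500000000", "1600000000") and
    ("31", "1", "5000000001600000000") produce exactly the same digest."""
    data = (user_id + issued_at + expires).encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def hardened_checksum(user_id: str, issued_at: str, expires: str) -> str:
    """Length-prefix every field: moving a digit across a boundary changes the input."""
    msg = b"".join(len(f).to_bytes(4, "big") + f.encode()
                   for f in (user_id, issued_at, expires))
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def _accept(checksum_fn, fields, checksum: str, now: int) -> bool:
    """Server-side check: checksum must match, then the expiry must be in the future."""
    user_id, issued_at, expires = fields
    if not hmac.compare_digest(checksum_fn(user_id, issued_at, expires), checksum):
        return False
    return int(expires) > now


def vulnerable_accept(fields, checksum: str, now: int) -> bool:
    return _accept(vulnerable_checksum, fields, checksum, now)


def hardened_accept(fields, checksum: str, now: int) -> bool:
    return _accept(hardened_checksum, fields, checksum, now)


def shift_digits(fields, n: int):
    """Attacker move: take the last n digits of issued_at and prepend them to expires.
    The concatenation of the three fields is byte-for-byte unchanged."""
    user_id, issued_at, expires = fields
    return (user_id, issued_at[:-n], issued_at[-n:] + expires)


NOW = 1700000000
# Constructed token that expired 100,000,000 seconds before NOW.
ISSUED = ("31", "1500000000", "1600000000")


def demo() -> dict:
    cs_vuln = vulnerable_checksum(*ISSUED)
    cs_hard = hardened_checksum(*ISSUED)
    forged = shift_digits(ISSUED, 9)  # ("31", "1", "5000000001600000000")
    return {
        "vuln_rejects_expired": not vulnerable_accept(ISSUED, cs_vuln, NOW),
        "vuln_accepts_forged": vulnerable_accept(forged, cs_vuln, NOW),
        "hard_rejects_forged": not hardened_accept(forged, cs_hard, NOW),
    }


if __name__ == "__main__":
    print(demo())
```

Length-prefixing is one fix; a delimiter that cannot appear in any field, or a fixed-width encoding of every numeric field, closes the same gap. Whichever is chosen, the rule is that the bytes fed to the MAC must decode to exactly one tuple of fields.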
CVE-2017-8031: UAA Denial of Service through client token revocation endpoint | Cloud Foundry
Severity: Medium
Vendor: Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions: cf-release, all versions prior to v279; UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1
Description: In some cases, the UAA allows an authenticated user for a particul...
CVE-2016-10511
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS ap...