3 matches found
Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...
Tinyauth 安全漏洞
Tinyauth is an authentication and authorization server developed by Stavros personally. Versions of Tinyauth prior to 5.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the OIDC token endpoint not verifying the identity of the client requesting the exchange of...
GHSA-F5H4-WMP5-XHG6 Client Spoofing within the Keycloak Device Authorisation Grant
Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a devicecode to retrieve an access token for other OAuth clients...