17 matches found
EUVD-2020-23798
Malware in sbrugna...
CVE-2020-36255
An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...
Remote Code Execution
Microsoft.IdentityModel.Protocols.SignedHttpRequest is vulnerable to Remote Code Execution. The vulnerability is caused due to Microsoft.IdentityModel trusting the jku claim by default for the SignedHttpRequest protocol. An attacker can make any remote or local HTTP GET request as a result of thi...
CVE-2024-21643
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...
Cross site request forgery (csrf)
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...
CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...
CVE-2024-21643
The CVE-2024-21643 issue affects IdentityModel Extensions for .NET (Microsoft.IdentityModel.Protocols.SignedHttpRequest) where the SignedHttpRequest protocol/validator trusts the jku claim by default, enabling remote/local HTTP GET requests. Multiple sources confirm this vulnerability and identif...
CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...
Microsoft Azure IdentityModel Code Injection Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Azure IdentityModel. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor...
GHSA-8G9C-28FC-MCX2 Duplicate Advisory: Microsoft Identity Denial of service vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-59j7-ghrg-fj52. This link is maintained to preserve external references. Original Description: Impact: An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption (JWE) token with a high...
CVE-2020-36255
An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...
CVE-2020-36255
An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...
Authentication flaw
An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...
CVE-2020-36255
IdentityModel (aka ScottBrady.IdentityModel) has a vulnerability in Branca handling before version 1.3.0 that lets an attacker modify and forge authentication tokens. Affected component is the Branca implementation within IdentityModel prior to 1.3.0. Impact, per sources, is authenticated tokens ...
CVE-2020-36255
An issue was discovered in IdentityModel aka ScottBrady.IdentityModel before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens...
IdentityModel Security Vulnerability
Scott Brady IdentityModel is an open source application from Scott Brady: a library of helper programs for tokens and encryption. A security vulnerability exists in IdentityModel before 1.3.0, which can be exploited by an attacker to modify and forge authentication tokens...
Microsoft Identity Model Extensions Token Signing Verification Advisory (3214296)
This host is missing an important security update according to Microsoft advisory 3214296. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...