2 matches found
CVE-2020-15222
In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.31.0, when using "privatekeyjwt" authentication the uniqueness of the jti value is not checked. When using client authentication method "privatekeyjwt", OpenId specification says the following about asserti...
Unspecified Vulnerability in Hydra
Hydra is a penetration testing tool. A security vulnerability exists in Hydra versions prior to 1.4.0 that stems from the program not checking the uniqueness of the 'jti' value. An attacker can exploit the vulnerability to replay a token...