2 matches found
CVE-2025-27370
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the privatekeyjwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...
CVE-2021-33846
CVE-2021-33846 affects Fresenius Kabi Vigilant Software Suite MasterMed Dashboard (v2.0.1.3). The vulnerability arises because authentication tokens issued to authenticated users are signed with a symmetric encryption key, enabling an attacker possessing the key to issue valid JWTs and impersonat...