PT-2025-27551 · Onelogin · Onelogin Ad Connector
Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector versions prior to 6.1.5 Description: A cryptographic authentication bypass issue exists due to the exposure of a tenant’s SSO JWT signing key via the "/api/adc/v4/configuration" endpoint. An attacker with the signing key...