4 matches found
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error in the token exchange endpoint /api/1.0/unity-control/auth/tokens that processes JWTs. An attacker can gain unauthorized access and impersonate any user by supplying a JWT with a malicious issuer, as the endpoint...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the metaRegex function. An attacker can access internal network resources by crafting a malicious issuer URL that bypasses validation and causes the system to send HTTP GET requests to arbitrary...
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key ...
Authorization Bypass During JWT Issuer Validation with spring-security
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...