4 matches found
CVE-2025-15622
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15622
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15622 Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
CVE-2025-15622
The CVE-2025-15622 vectors/auth flow involve Sparx Systems Pty Ltd. Sparx Enterprise Architect desktop client exposing a plaintext OAuth2 client secret, which the client decodes and uses to exchange for access and ID tokens in the OpenID authentication flow. This is described as an Insufficiently...