99 matches found
CVE-2024-22258
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
UBUNTU-CVE-2024-22258
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
CVE-2024-22258
CVE-2024-22258 affects Spring Authorization Server versions 1.0.0–1.0.5, 1.1.0–1.1.5, and 1.2.0–1.2.2 (and older unsupported) where confidential clients using PKCE with the Authorization Code Grant can be downgraded, potentially bypassing security restrictions. Public Clients using PKCE are not v...
CVE-2024-22258 CVE-2024-22258: PKCE Downgrade in Spring Authorization Server
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
CVE-2024-22258 CVE-2024-22258: PKCE Downgrade in Spring Authorization Server
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
Spring Authorization Server Security Vulnerability
VMware Spring Authorization Server is a framework for building secure OAuth 2.0 and OpenID Connect 1.0 authorization servers from VMware. A security vulnerability exists in Spring Authorization Server that stems from the vulnerability of an application to a PKCE downgrade attack when the PKCE...
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2024-23647
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...
Design/Logic Flaw
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...
CVE-2024-23647
Authentik (PKCE downgrade) vulnerability (CVE-2024-23647) exists due to a flaw in PKCE implementation: if the authorization request omits code_challenge, PKCE checks are skipped, enabling bypass of PKCE protections. Affected versions are before 2023.8.7 and 2023.10.7. Versions 2023.8.7 and 2023.1...
CVE-2024-23647 PKCE downgrade attack in Authentik
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...
CVE-2024-23647 PKCE downgrade attack in Authentik
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...
CVE-2024-23647 PKCE downgrade attack in Authentik
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...
Authentication Bypass
Authentik is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the codechallenge parameter from the PKCE authorization request. This issue can be exploited by an attacker by removing the codechallenge parameter resulting in authentication downgrade...
GHSA-MRX3-GXJX-HJQJ Authentik vulnerable to PKCE downgrade attack
Summary PKCE is a very important countermeasure in OAuth2 , both for public and confidential clients. It protects against CSRF attacks and code injection attacks. Because of this bug, an attacker can circumvent the protection PKCE offers. Patches authentik 2023.8.7 and 2023.10.7 fix this issue...
PT-2024-19998
Name of the Vulnerable Software and Affected Versions Authentik versions prior to 2023.8.7 Authentik versions prior to 2023.10.7 Description Authentik is an open-source Identity Provider with a bug in its implementation of PKCE, allowing an attacker to circumvent the protection that PKCE offers...
RHCOS 4 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper...
Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Asset Management application (CVE-2020-7692 and CVE-2021-22573)
Summary Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Asset Management application CVE-2020-7692 and CVE-2021-22573 Vulnerability Details CVEID:CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypas...
CVE-2023-50714
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the authCodeVerifier should be removed after usage similar to authStat...
Cross site request forgery (csrf)
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the authCodeVerifier should be removed after usage similar to authStat...