10 matches found
PT-2026-45039
Summary modules/sso/clients.php validates an adm csrf token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, ...
CVE-2024-6594
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by...
CVE-2024-6592
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway aka Single Sign-On Agent on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through...
CVE-2024-6592
CVE-2024-6592 affects WatchGuard Authentication Gateway (Single Sign-On Agent) on Windows and WatchGuard SSO Client on Windows and macOS. Root cause: incorrect authorization in the protocol communication between gateway and clients, enabling authentication bypass. Affected versions: Authenticatio...
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
Impact Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix ts SSO.init'javascript:alert"javascript successfully injected"' Patches This vulnerability was patched on version 0.1.0 Workarounds This vulnerability can be prevented if...
CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are...
PT-2023-27760 · Unknown · @Dcl/Single-Sign-On-Client
Name of the Vulnerable Software and Affected Versions: @dcl/single-sign-on-client versions prior to 0.1.0 Description: The issue concerns improper input validation in the init function, allowing arbitrary JavaScript to be executed using the javascript: prefix. This can be exploited by passing...
Code injection
The Single Sign On Client ubuntu-sso-client for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle MITM attack...
CVE-2011-4408
CVE-2011-4408 affects the Ubuntu Single Sign On Client (ubuntu-sso-client) on Ubuntu 11.04 and 11.10. The issue is that SSL certificates were not properly validated over HTTPS, enabling remote attackers to perform MITM attacks to spoof a server and read or modify sensitive data. Public references...
USN-1464-1: Ubuntu Single Sign On Client vulnerability
It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information...