3 matches found
PT-2026-34189
Name of the Vulnerable Software and Affected Versions: Oxia versions prior to 0.16.2
Description: When OIDC (OpenID Connect, an identity layer on top of the OAuth 2.0 protocol) authentication fails, the full bearer token is logged in plaintext at the DEBUG level. If debug logging is enabled in...
EUVD-2022-7155
Malicious code in bioql PyPI...
CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...