3 matches found
GO-2026-4573 ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel
ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
Authentication Bypass by Assumed-Immutable Data
Overview Affected versions of this package are vulnerable to Authentication Bypass by Assumed-Immutable Data in the verifyAccessTokenV2 function that accepts truncated tokens as the valid ones. An attacker can cause the system to accept truncated tokens missing the userid by submitting an opaque...
USN-6947-1 krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. CVE-2024-37370 It was discovered that Kerberos incorrectly handled GSS message tokens when sent a...