2 matches found
CVE-2022-31157
CVE-2022-31157 concerns the packbackbooks/lti-1-3-php-library. Before version 5.0, the nonce generation function was not cryptographically strong, enabling potential predictability of tokens and forgery of tokens. Affected software is the LTI 1.3 Tool Library implemented in PHP; the issue is a cr...
CVE-2022-31158
CVE-2022-31158 affects the packbackbooks/lti-1-3-php-library (LTI 1.3 Tool Library) for PHP. Prior to version 5.0, the Nonce Claim Value was not validated against the nonce in the Authentication Request, enabling a potential authentication bypass/capture-replay scenario as described by multiple s...