Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:22957
HistoryApr 07, 2020 - 8:14 a.m.

Replay Attack

2020-04-0708:14:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

EPSS

0.001

Percentile

41.4%

JSON

github.com/ory/hydra is vulnerable to replay attack. During the client authentication using the method private_key_jwt, Hydra does not check the uniqueness of jti token (a unique identifier for the token) to prevent the reuse of the token more than one time unless there are conditions for reuse between the parties, allowing an attacker to get two access tokens.

Related

prion 1
cvelist 1
cve 1
osv 3
nvd 1
github 1
prion
prion
Design/Logic Flaw
2020-04-06 17:15:00
cvelist
cvelist
CVE-2020-5300 Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra
2020-04-06 16:30:14
cve
cve
CVE-2020-5300
2020-04-06 17:15:13
osv
osv
Authentication Bypass in hydra
2021-05-27 18:43:22
Authentication Bypass in hydra in github.com/ory/hydra
2024-08-21 15:28:59
CVE-2020-5300
2020-04-06 17:15:13
nvd
nvd
CVE-2020-5300
2020-04-06 17:15:13
github
github
Authentication Bypass in hydra
2021-05-27 18:43:22

EPSS

0.001

Percentile

41.4%

JSON
Related for VERACODE:22957
prion1cvelist1cve1osv3nvd1github1