Pac4j has an insecure token validation vulnerability. It exists due to insecure validation of ID tokens that use the “none” algorithm: an attacker can bypass token validation by injecting a maliciously crafted ID token with the `alg` key set to “none”.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | pac4j: java web security for openid connect | le | 5.1.5 |
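
The following Python example is added here and is not pac4j's code: it shows a verifier that chooses the accepted signature algorithm itself, so an ID token whose header sets `alg` to “none” is rejected before its claims are read. The HS256 allow-list, the function names and the sample tokens are assumptions constructed for the illustration; full ID token validation would also check claims such as issuer, audience and expiry.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # assumption: the only algorithm this client is registered for

class InvalidToken(Exception):
    pass

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def validate_id_token(token: str, secret: bytes) -> dict:
    """Return the claims only when the signature verifies under an allow-listed alg."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:
        raise InvalidToken("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact-match allow-list chosen by the verifier, never by the token:
    # "none", "None", "NONE" and any unexpected algorithm are rejected here.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise InvalidToken(f"algorithm not allowed: {alg!r}")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("signature mismatch")
    return json.loads(b64url_decode(parts[1]))

def make_token(header: dict, claims: dict, secret: bytes = b"") -> str:
    """Build constructed sample tokens for the demo; unsigned when alg is not HS256."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest() if header.get("alg") == "HS256" else b""
    return f"{body}.{b64url_encode(sig)}"

def is_accepted(token: str, secret: bytes) -> bool:
    try:
        validate_id_token(token, secret)
        return True
    except InvalidToken:
        return False
```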