Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:36387
HistoryJul 18, 2022 - 9:20 a.m.

Insecure Cryptography

2022-07-1809:20:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
insecure cryptography
cryptographic configuration
cookies generation
openid values
token prediction
token forging
software vulnerability

EPSS

0.001

Percentile

31.8%

packbackbooks/lti-1p3-tool uses an insecure cryptographic configuration. The vulnerability exists due to improper configuration of generating cookies and openid values which allows an attacker to predict the token value and forge the token.

EPSS

0.001

Percentile

31.8%

Related for VERACODE:36387