Veracode Vulnerability Database, VERACODE:37400
History: Oct 04, 2022 - 6:56 a.m.

Man-in-the-Middle (MitM)

2022-10-04 06:56:14
sca.analysiscenter.veracode.com
Tags: man-in-the-middle, github, dexidp/dex, hmac protection, authorization code

EPSS: 0.001 (Percentile: 50.5%)

github.com/dexidp/dex is vulnerable to man-in-the-middle attacks. The vulnerability exists because the library does not properly implement the HMAC protection on the approval endpoint, allowing an attacker to capture the ID token via an intercepted authorization code.