Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location ...

Continue Reading

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fail ...

Continue Reading

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

Continue Reading
Moxa MXsecurity Series Hardcoded JWT Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability. The sp ...

Continue Reading
Spring Authorization Server is on Spring Initializr!

Today, I'm excited to announce that you have a new superpower: creating applications with [Spring Authorization Server]() on [Spring Initializr]()! That's right, it's time to begin your OAuth2 journey ...

Continue Reading

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authenticat ...

Continue Reading
ChatGPT: Friend or Foe? | API Security Newsletter

Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools (e.g., ChatGPT) in cybersecurity. It – along with API Security – domina ...

Continue Reading


Security Bulletin: Open Source Dependency Vulnerability

## Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. ## Vulnerability Details ** CVEID: **[CVE-2020-25864]() ** DESCRIPTION: **HashiCorp Consul is vulnerable to cross-site scrip ...

Continue Reading



Back to Main

Subscribe for the latest news: