OAuth - API Security Blog

Token Validation Bypass

Google OAuth Client is vulnerable to token validation bypass. The function IdTokenVerifier validate any token with custom payload as valid token if the token is properly signed.Read More ...

30 мая, 2022

VMware Workspace ONE Access Template Injection / Command Execution Exploit

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user.Rea ...

30 мая, 2022

Exploit for Improper Authentication in Jetbrains Hub

# CVE-2022-25262 PoC + vulnerability details for CVE-2022-25262 ...Read More ...

30 мая, 2022

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An ...

30 мая, 2022

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”

[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiiIy1KyYnnhEtz-GpAc5zngJFc4ts7Cy3Xcd3_kERhuq01G2fpv6le_bhfRu1-u5_VFn-aIgZRoU3eio7NtjVCXMIGMW2E_FT-CMVsrHhhl5BmOWXliz-YZqSMag83hCUcabVlhTj ...

30 мая, 2022

VMware Workspace ONE Access Template Injection / Command Execution

Post ContentRead More ...

30 мая, 2022

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) in VMware Workspace ONE Access, to execute shell commands as the "horizon" user.Read More ...

30 мая, 2022

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

![Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954](https://blog.rapid7.com/content/images/2022/04/vmware-one-etr.jpg) On April 6, 2022, VMware published [VMSA-2022-0011](), which ...

30 мая, 2022