Denial Of Service (DoS)

Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction on the number of requests initiating the Authorization Request for the Authorization Code ...

Denial of service in Spring Security OAuth

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 C ...

RST Threat feed. IOC: https://suncoast-auth.dns05.com/auth.php?oauth

Found **https://suncoast-auth[.]dns05.com/auth.php?oauth** in [...Read More ...

CVE report published for Spring Security OAuth

We have released Spring Security OAuth 2.5.2 to address the following CVE report.

* CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2

This vulnerability exposes OAuth 2.0 Client ...

GitLab 7.7.x < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 CSRF

According to its self-reported version, the instance of GitLab running on the remote web server is 7.7.x prior to 14.4.5, 14.5.0 prior to 14.5.3, or 14.6.0 prior to 14.6.2. It is, therefore, affected ...

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

O365-Doppelganger – A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

(RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. ...
