OAuth - API Security Blog

Exploit for Improper Authentication in Jetbrains Hub

# CVE-2022-25262 PoC + vulnerability details for CVE-2022-25262 ...Read More ...

May 30, 2022

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An ...

May 30, 2022

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”

[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiiIy1KyYnnhEtz-GpAc5zngJFc4ts7Cy3Xcd3_kERhuq01G2fpv6le_bhfRu1-u5_VFn-aIgZRoU3eio7NtjVCXMIGMW2E_FT-CMVsrHhhl5BmOWXliz-YZqSMag83hCUcabVlhTj ...

May 30, 2022

VMware Workspace ONE Access Template Injection / Command Execution

Post ContentRead More ...

May 30, 2022

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) in VMware Workspace ONE Access, to execute shell commands as the "horizon" user.Read More ...

May 30, 2022

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

![Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954](https://blog.rapid7.com/content/images/2022/04/vmware-one-etr.jpg) On April 6, 2022, VMware published [VMSA-2022-0011](), which ...

May 30, 2022

Attacker Breach Dozens of GitHub Repos Using Stolen OAuth Tokens

GitHub revealed details tied to last weeks incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. We do not believe the attacker obtained these tokens via a ...

May 30, 2022

(RHSA-2022:1823) Moderate: mod_auth_openidc:2.3 security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. ...

May 30, 2022