Impact: In versions of the proxy from 2022-09-05 onwards (since 8c874c2ff3d503ac20c7d32f46e08547fcb9e23f), expired authorisation tokens could be renewed automatically without checking their validity ag ...
December 19, 2023
Impact: What kind of vulnerability is it? Who is impacted? Original Report: The OAuth1/2 "state" and OpenID Connect "nonce" are vulnerable to a "timing att ...
December 18, 2023
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based authentication and authorization that enables applicatio ...
December 16, 2023
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and ...
December 16, 2023
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
December 15, 2023
The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm d ...
December 15, 2023
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. ...
December 15, 2023