Tackling the OAuth2 Client component model in Spring Security

In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applic ...

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

From a user's perspective, OAuth works like magic. ...

mTLS: When certificate authentication is done wrong

Although X.509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X.509 ...


CVSS3 - HIGH

CVSS2 - MEDIUM

Jenkins Tuleap Authentication Plugin non-constant time token comparison

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use ...

Discord.io confirms theft of 760,000 members’ data

Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachFo ...

CVE-2022-34155

Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass. This issue affects OAuth Single Sign On – SSO (OAuth Client) ...


CVSS3 - HIGH

CVSS2 - MEDIUM

CVE-2023-39531

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ...
