Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issuer identifiers of other Authorization Servers. The malicious Authorization Server could then use these private key JWTs to impersonate the Client.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
Vulnerability Type
使用基本弱点进行的认证绕过
Vulnerability Title
OpenID Connect Core 安全漏洞
Vulnerability Description
OpenID Connect Core是OpenID基金会的一个 OAuth 2.0 协议之上的简单身份层。 OpenID Connect Core 1.0版本存在安全漏洞。攻击者利用该漏洞可以可以使用私钥 JWT 冒充客户端。
CVSS Information
N/A
Vulnerability Type
N/A