Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OneLogin AD Connector API Credential and Signing Key Exposure
Vulnerability Description
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
One Identity OneLogin AD Connector 安全漏洞
Vulnerability Description
One Identity OneLogin AD Connector是美国One Identity公司的一个连接器软件。 One Identity OneLogin AD Connector 6.1.5之前版本存在安全漏洞,该漏洞源于/api/adc/v4/configuration端点导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A