Vulnerability Information
Vulnerability Title
Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication
Vulnerability Description
A vulnerability was identified in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. Manipulation of the argument id_token_hint causes improper authentication. The attack can be initiated remotely. The attack is considered to have high complexity, and exploitability is described as difficult. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Improper Authentication
Vulnerability Title
Duende IdentityServer Authorization Issue Vulnerability
Vulnerability Description
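Duende IdentityServer is a standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core, open-sourced by Duende. Duende IdentityServer contains an authorization issue vulnerability that stems from improper handling of the id_token_hint parameter in the file /connect/authorize of the Token Renewal Endpoint component, which may lead to improper authentication.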
CVSS Information
N/A
Vulnerability Type
N/A