CVE-2019-9837: Doorkeeper::OpenidConnect security vulnerability

Published: 2019-03-21
Type: CAN
Status: Candidate
Phase: Assigned

Vulnerability description

Doorkeeper::OpenidConnect 1.4.x and 1.5.x before 1.5.4 contain an open redirect vulnerability. An attacker can use the redirect_uri in an OAuth authorization request to redirect users to another website and carry out phishing attacks.

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.