Tag: #auth

GHSA-qxj7-2x7w-3mpp: Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens

### Summary

Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protocol parameters can return access tokens obtained with the wrong scope, resource indicator, or other protocol parameters. Such usage is somewhat atypical, and only a small percentage of users are likely to be affected.

### Details

Duende.AccessTokenManagement can request access tokens using the client credentials flow in several ways. In basic usage, the client credentials flow is configured once and the parameters do not vary. In more advanced situations, requests with varying protocol parameters may be made by calling specific overloads of these methods:

- `HttpContext.GetClientAccessTokenAsync()`
- `IClientCredentialsTokenManagementService.GetAccessTokenAsync()`

There are overloads of both of these methods that accept a `TokenRequestParameters` object that customizes token request para...

Tags: #vulnerability #auth
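The class of bug the advisory describes, as an added illustration that is not Duende.AccessTokenManagement's code: a token manager that coalesces overlapping requests on the client name alone hands the second caller a token minted for the first caller's scope, while keying the in-flight table on the full parameter set (client, scope, resource) keeps the two requests apart. The `TokenManager`, `FixedTokenManager`, `FakeTokenEndpoint` and harness names are assumptions made for this example; the advisory does not say that this is Duende's internal mechanism, and the token endpoint is a constructed stand-in that mints a token carrying whatever scope it was asked for. The `scope_mismatches` check at the end is the test a consumer can run against their own setup: fire overlapping requests with different parameters and compare each returned token's scope with what was requested.

```python
# Added example, not Duende's code. Names below are assumptions; the endpoint is a fake.
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class TokenRequestParameters:
    """Per-request protocol parameters; only scope and resource are modelled."""
    scope: Optional[str] = None
    resource: Optional[str] = None


@dataclass
class Token:
    access_token: str
    scope: Optional[str]
    resource: Optional[str]


class _Pending:
    """An in-flight token request that other callers may wait on."""
    def __init__(self) -> None:
        self.done = threading.Event()
        self.token: Optional[Token] = None


class FakeTokenEndpoint:
    """Constructed stand-in for the OAuth token endpoint. Every request is held
    open until the harness opens `gate`, so two callers overlap deterministically;
    `parked` signals the harness that a caller is now blocked."""
    def __init__(self, gate: threading.Event, parked: threading.Event) -> None:
        self.gate, self.parked = gate, parked
        self.calls: List[Tuple[str, TokenRequestParameters]] = []
        self._lock = threading.Lock()

    def request(self, client_name: str, params: TokenRequestParameters) -> Token:
        with self._lock:
            self.calls.append((client_name, params))
            n = len(self.calls)
        self.parked.set()
        self.gate.wait(timeout=5)
        # The minted token carries exactly the scope/resource it was requested with.
        return Token(f"token-{n}", params.scope, params.resource)


class TokenManager:
    """Caches tokens per (client, scope, resource) and coalesces concurrent
    requests so only one round-trip is made per in-flight key."""
    def __init__(self, endpoint: FakeTokenEndpoint, parked: threading.Event) -> None:
        self.endpoint, self.parked = endpoint, parked
        self._lock = threading.Lock()
        self._cache: Dict[Tuple, Token] = {}
        self._inflight: Dict[object, _Pending] = {}

    def inflight_key(self, client_name: str, params: TokenRequestParameters) -> object:
        # Bug pattern: overlapping requests are coalesced on the client name only,
        # so a caller asking for a different scope joins someone else's request.
        return client_name

    def get_token(self, client_name: str, params: TokenRequestParameters) -> Token:
        cache_key = (client_name, params.scope, params.resource)
        key = self.inflight_key(client_name, params)
        with self._lock:
            cached = self._cache.get(cache_key)
            if cached is not None:
                return cached
            pending = self._inflight.get(key)
            owner = pending is None
            if owner:
                pending = self._inflight[key] = _Pending()
        if not owner:
            self.parked.set()            # instrumentation: tell the harness we are waiting
            pending.done.wait(timeout=5)
            return pending.token
        token = self.endpoint.request(client_name, params)
        with self._lock:
            self._cache[cache_key] = token
            self._inflight.pop(key, None)
        pending.token = token
        pending.done.set()
        return token


class FixedTokenManager(TokenManager):
    """Coalesce only requests whose full parameter set matches."""
    def inflight_key(self, client_name: str, params: TokenRequestParameters) -> object:
        return (client_name, params.scope, params.resource)


def race_two_scopes(manager_cls) -> Tuple[Dict[str, Token], int]:
    """Start a 'read'-scope request, hold it at the endpoint, then start a
    'write'-scope request for the same client. Returns each caller's token and
    the number of token-endpoint round-trips."""
    gate, parked = threading.Event(), threading.Event()
    endpoint = FakeTokenEndpoint(gate, parked)
    manager = manager_cls(endpoint, parked)
    results: Dict[str, Token] = {}

    def caller(scope: str) -> None:
        results[scope] = manager.get_token("api-client", TokenRequestParameters(scope=scope))

    first = threading.Thread(target=caller, args=("read",))
    first.start()
    parked.wait(timeout=5)
    parked.clear()                       # first request is now held open at the endpoint
    second = threading.Thread(target=caller, args=("write",))
    second.start()
    parked.wait(timeout=5)               # second caller joined the in-flight request or reached the endpoint
    gate.set()                           # let the endpoint answer
    first.join(timeout=5)
    second.join(timeout=5)
    return results, len(endpoint.calls)


def scope_mismatches(results: Dict[str, Token]) -> List[str]:
    """Consumer-side check: which requested scopes came back with a token for another scope?"""
    return sorted(scope for scope, tok in results.items() if tok.scope != scope)


if __name__ == "__main__":
    for cls in (TokenManager, FixedTokenManager):
        res, calls = race_two_scopes(cls)
        print(cls.__name__, "round-trips:", calls, "mismatched scopes:", scope_mismatches(res))
```

Against a real token endpoint the equivalent check is to decode each returned JWT (or introspect an opaque token) and compare its `scope` and audience claims with the `TokenRequestParameters` that caller passed; a mismatch under concurrent load is the symptom the advisory describes, and a library that coalesces only on the full parameter set, as `FixedTokenManager` does here, is the shape of the fix.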
Hackers Tricking Users Into Linking Devices to Steal Signal Messages

Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. Learn…

Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple

Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild

The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

What Is the Board's Role in Cyber-Risk Management in OT Environments?

By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets.

Google now allows digital fingerprinting of its users

Google is allowing its advertising customers to fingerprint website visitors. Can you stop it?

How Blockchain Games Ensure Transparency and Fairness

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that…

10 Best LMS SaaS Platforms for Scalable Online Learning

The education sector is changing quickly as it adopts digital tools for better learning experiences. These days, learning…

Xerox Versalink Printers Vulnerabilities Could Let Hackers Steal Credentials

Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update…

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage

Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.