Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

API Broken Auth

This page lists 24 vulnerabilities in this category.

Vulnerability Name
CVE
CWE
Severity
Unvalidated JWT jku parameter
-
CWE-287
High
No SAML Respose signature check
-
CWE-347
High
JWT Signature Bypass via unvalidated x5u parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated x5c parameter
-
CWE-287
High
JWT Signature Bypass via kid SQL injection
-
CWE-287
High
JWT Signature Bypass via kid Path Traversal
-
CWE-287
High
JWT Signature Bypass via unvalidated jwk parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated jku parameter
-
CWE-287
High
JWT Signature is not Verified
-
CWE-287
High
SAML Respose signature exclusion
-
CWE-347
High
SAML Response without signature
-
CWE-347
High
Weak Secret is Used to Sign JWT
-
CWE-347
High
Ruby framework weak secret key
-
CWE-693
High
JWT Signature Bypass via None Algorithm
-
CWE-345
High
Pyramid framework weak secret key
-
CWE-693
Medium
Flask weak secret key
-
CWE-693
Medium
Play framework weak secret key
-
CWE-693
Medium
Yii2 weak secret key
-
CWE-693
Medium
Web2py weak secret key
-
CWE-693
Medium
Cookie signed with weak secret key
-
CWE-693
Medium
Tornado weak secret key
-
CWE-693
Medium
Mojolicious weak secret key
-
CWE-693
Medium
Express cookie-session weak secret key
-
CWE-693
Medium
Retired hash function in SAML Response
-
CWE-327
Information