API Broken Auth
This page lists 24 vulnerabilities in this category.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Unvalidated JWT jku parameter | - | CWE-287 | High |
| No SAML Response signature check | - | CWE-16 | High |
| JWT Signature Bypass via unvalidated x5u parameter | - | CWE-287 | High |
| JWT Signature Bypass via unvalidated x5c parameter | - | CWE-287 | High |
| JWT Signature Bypass via kid SQL injection | - | CWE-287 | High |
| JWT Signature Bypass via kid Path Traversal | - | CWE-287 | High |
| JWT Signature Bypass via unvalidated jwk parameter | - | CWE-287 | High |
| JWT Signature Bypass via unvalidated jku parameter | - | CWE-287 | High |
| JWT Signature is not Verified | - | CWE-287 | High |
| SAML Response signature exclusion | - | CWE-16 | High |
| SAML Response without signature | - | CWE-16 | High |
| Weak Secret is Used to Sign JWT | - | CWE-345 | High |
| Ruby framework weak secret key | - | CWE-693 | High |
| JWT Signature Bypass via None Algorithm | - | CWE-345 | High |
| Pyramid framework weak secret key | - | CWE-693 | Medium |
| Flask weak secret key | - | CWE-693 | Medium |
| Play framework weak secret key | - | CWE-693 | Medium |
| Yii2 weak secret key | - | CWE-693 | Medium |
| Web2py weak secret key | - | CWE-693 | Medium |
| Cookie signed with weak secret key | - | CWE-693 | Medium |
| Tornado weak secret key | - | CWE-693 | Medium |
| Mojolicious weak secret key | - | CWE-693 | Medium |
| Express cookie-session weak secret key | - | CWE-693 | Medium |
| Retired hash function in SAML Response | - | CWE-16 | Information |