CVE-2022-39222 Dex is an identity service that uses OpenID Connect to drive authentication for other apps.
When installing a new app that requires OAuth 2.0, the user has to accept the terms and conditions of the app by tapping on
CVE-2020-15331 Zyxel CloudCNM has a hardcoded OAUTH_SECRET_KEY in SecuManager 3.1.0 and 3.1.1.
This can be a problem when upgrading from version 3.0.x as the version 3.0.x shipped with a hardcoded OAUTH_SECRET_KEY
CVE-2022-22526 Gavazzi UWP3.0 and CPY Car Park Server 2.8.3 have missing authentication, which allows for full access via API.
To avoid this, you have to force authentication by adding a domain name and password to your API requests. For example: /v2/cars/{id}/drive/
CVE-2022-2860 In Chrome prior to 104.0.5112.101, insufficient policy enforcement allowed a remote attacker to bypass cookie prefix restrictions.
This issue was fixed by updating Google Chrome to version 104.0.2.
Redirect injection via extensions in Google Chrome prior to version 104.0.
CVE-2022-3119 The OAuth client plugin before 3.0.4 lacks authorization and CSRF checks, which could allow attackers to update the settings and change the OAuth endpoints.
when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then