CVE-2019-3778 Pivotal Spring Security OAuth Open Redirector Vulnerability (critical)

Preface: OAuth has become a standard for third-party applications to communicate with the APIs of popular web sites, such as Facebook, Twitter, and Foursquare, to name a few.

Technical background: Currently, the two major versions of OAuth are 1.0(a) and 2.0. OAuth (Open Authorisation) is a standard for delegated authorisation of access to resources, and Spring Security provides support for OAuth 2.0. You can set it up to propagate your access tokens automatically from one application to another, so that the tokens stay protected and encrypted along the way.

Vulnerability detail: A vulnerability in Pivotal Spring Security OAuth could allow an unauthenticated, remote attacker to conduct an open redirect attack on a targeted system. A successful exploit could cause the authorization server to redirect the resource owner's user agent to an attacker-controlled URI, exposing sensitive information to the attacker.
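The defence against this class of open redirector is strict validation of the requested redirect URI against what the client registered. The following Java class is an added example, not Spring Security OAuth's own code: it places an exact-match check beside the loose prefix check it replaces and runs both over a constructed client registration; the class name, the registered URI and the sample requests are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Objects;

public class RedirectUriCheck {
    // Constructed sample registration: one client with a single allowed callback.
    static final List<String> REGISTERED = List.of("https://client.example/callback");
    /** Loose check: any request whose string starts with a registered URI passes. */
    static boolean prefixMatch(String registered, String requested) {
        return requested.startsWith(registered);
    }
    /** Strict check: scheme, host (case-insensitive), port, path and query must all equal
     *  the registered value, and a request carrying a fragment is never accepted. */
    static boolean exactMatch(String registered, String requested) {
        URI reg, req;
        try {
            reg = new URI(registered);
            req = new URI(requested);
        } catch (URISyntaxException e) {
            return false; // unparseable input is rejected rather than guessed at
        }
        if (req.getScheme() == null || req.getHost() == null || req.getFragment() != null) return false;
        return reg.getScheme().equalsIgnoreCase(req.getScheme())
                && reg.getHost().equalsIgnoreCase(req.getHost())
                && reg.getPort() == req.getPort()
                && Objects.equals(reg.getPath(), req.getPath())
                && Objects.equals(reg.getQuery(), req.getQuery());
    }
    /** The authorization endpoint should only issue a redirect when this returns true. */
    static boolean isAllowedRedirect(String requested) {
        return REGISTERED.stream().anyMatch(r -> exactMatch(r, requested));
    }

    public static void main(String[] args) {
        // Constructed requests: the registered URI itself, then variants sharing its prefix.
        String[] requests = {
            "https://client.example/callback",            // identical to the registration
            "https://client.example/callback/../other",   // path differs (dot segments)
            "https://client.example/callback?next=x",     // query string added
            "https://client.example/callback#frag",       // fragment added
            "https://CLIENT.example/callback"             // only the host's case differs
        };
        for (String r : requests) {
            System.out.printf("%-45s prefix=%-5b exact=%b%n",
                    r, prefixMatch(REGISTERED.get(0), r), isAllowedRedirect(r));
        }
    }
}
```

Running it shows the prefix check waving through every variant that merely begins with the registered string, while the exact check accepts only the registered URI and its host-case variant.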

Official announcement: https://pivotal.io/security/cve-2019-3778