I found that the "access_token" function (from RestOauthController.groovy), in charge of generating a new access token when a user provides a refresh token, does not check the type of the passed token before parsing its details (loaduserbytoken).
As a result, one may provide an access token instead of a refresh token. The user will be sent back a fresh access token.
The security risk here is that a leaked access token (if stolen before expiration) may be renewed by an attacker to persist indefinitely in the system.
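The token-type confusion described in the report, modelled as an added Python example (not the plugin's code): an in-memory token store with a refresh handler that, like the reported behaviour, exchanges any valid token for a new access token, next to a hardened handler that checks the token kind and also rotates the refresh token (one step beyond the report). Function names, lifetimes and the store layout are assumptions.

```python
import secrets
import time

# Constructed in-memory token store (hypothetical model, not the plugin's code).
# Access tokens are short-lived, refresh tokens long-lived; lifetimes are assumed.
ACCESS_TTL = 300
REFRESH_TTL = 86400
_store = {}  # token value -> {"username", "kind", "expires"}


def issue(username, kind, ttl, now):
    """Mint a token of the given kind ("access" or "refresh") for username."""
    token = secrets.token_urlsafe(16)
    _store[token] = {"username": username, "kind": kind, "expires": now + ttl}
    return token


def login(username, now=None):
    """Return an (access, refresh) pair, as an authorization server would at login."""
    now = time.time() if now is None else now
    return (issue(username, "access", ACCESS_TTL, now),
            issue(username, "refresh", REFRESH_TTL, now))


def load_user_by_token(token, now):
    """Resolve any unexpired token to its record; deliberately kind-agnostic."""
    rec = _store.get(token)
    if rec is None or rec["expires"] <= now:
        return None
    return rec


def refresh_vulnerable(token, now=None):
    """Models the reported bug: the kind is never checked, so a stolen access
    token can be chained into fresh access tokens past its own expiry."""
    now = time.time() if now is None else now
    rec = load_user_by_token(token, now)
    if rec is None:
        return None
    return issue(rec["username"], "access", ACCESS_TTL, now)


def refresh_hardened(token, now=None):
    """Only a refresh token is exchangeable, and it is consumed on use so a
    replayed refresh token is rejected. Returns a new (access, refresh) pair."""
    now = time.time() if now is None else now
    rec = load_user_by_token(token, now)
    if rec is None or rec["kind"] != "refresh":
        return None
    del _store[token]  # rotation: the presented refresh token is now dead
    return (issue(rec["username"], "access", ACCESS_TTL, now),
            issue(rec["username"], "refresh", REFRESH_TTL, now))
```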