Pedram Hosseyni

**Name of the Vulnerable Software and Affected Versions** OpenID Connect Core versions prior to 1.0 errata set 3 **Description** The issue allows audience injection in certain situations when the private key jwt authentication mechanism is used. A malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issuer identifiers of other Authorization Servers. The malicious Authorization Server could then use these private key JWTs to impersonate the Client. **Recommendations** For OpenID Connect Core versions prior to 1.0 errata set 3, consider updating to version 1.0 errata set 3 or later to resolve the issue. As a temporary workaround, restrict the use of the private key jwt authentication mechanism to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IETF OAuth 2.0 versions (affected versions not specified) **Description** The issue arises from ambiguities in the audience values of JSON Web Tokens (JWTs) sent to authorization servers when using the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism. This ambiguity is present in certain IETF OAuth 2.0-related specifications. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.