Dbhynds

**Name of the Vulnerable Software and Affected Versions** LTI 1.3 Tool Library versions prior to 5.0 **Description** The issue concerns the function used to generate random nonces, which was not sufficiently cryptographically complex. This could make values predictable and tokens forgable. There are no known workarounds. **Recommendations** For versions prior to 5.0, upgrade to version 5.0 to receive a patch.

**Name of the Vulnerable Software and Affected Versions** LTI 1.3 Tool Library versions prior to 5.0 **Description** The issue concerns the Nonce Claim Value not being validated against the nonce value sent in the Authentication Request. This affects the LTI 1.3 Tool Library, a library used for building IMS-certified LTI 1.3 tool providers in PHP. There are currently no known workarounds. **Recommendations** For versions prior to 5.0, users should upgrade to version 5.0 to receive a patch. As a temporary workaround, consider disabling the functionality that relies on the Nonce Claim Value until a patch is available.