PT-2020-7604 · Signond · Signond
Marc Deslauriers +1 · Published 2020-05-07 · Updated 2020-05-12 · CVE-2014-1423
CVSS v3.1: 5.9 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
signond versions prior to 8.57+15.04.20141127.1-0ubuntu1
Description
signond did not properly restrict other applications from querying OAuth tokens, because its access checks were incorrect and the signon-apparmor-extension was not installed. An attacker could create a malicious click app that collects OAuth tokens belonging to other applications, potentially exposing sensitive information.
Recommendations
Update signond to version 8.57+15.04.20141127.1-0ubuntu1 or later to resolve the issue. As a temporary workaround, consider restricting the use of OAuth tokens or implementing additional security measures to minimize the risk of exploitation.
Weakness Enumeration
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Signond