Authentication Bypass Affecting io.pivotal.spring.cloud:spring-cloud-sso-connector Open this link in a new tab package, versions [2.1.2.RELEASE,2.1.3.RELEASE)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
10 May 2018
30 Apr 2018
How to fix?
io.pivotal.spring.cloud:spring-cloud-sso-connector to version 2.1.3 or higher.
io.pivotal.spring.cloud:spring-cloud-sso-connector is a Spring Cloud Connector for use with the Pivotal Single Sign-On Service on Cloud Foundry.
Affected versions of this package are vulnerable to Authentication Bypass. It disables issuer validation in resource servers that are not bound to the SSO service. A remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.