Inadequate Encryption Strength Affecting packbackbooks/lti-1p3-tool package, versions <5.0.0


0.0
high
  • Attack Complexity

    Low

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-PHP-PACKBACKBOOKSLTI1P3TOOL-2952698

  • published

    17 Jul 2022

  • disclosed

    15 Jul 2022

  • credit

    Unknown

How to fix?

Upgrade packbackbooks/lti-1p3-tool to version 5.0.0 or higher.

Overview

packbackbooks/lti-1p3-tool is an A library used for building IMS-certified LTI 1.3 tool providers in PHP

Affected versions of this package are vulnerable to Inadequate Encryption Strength in the generation of cookies and OpenID values, allowing tokens to be forged.