OpenAM Security Advisory #201506

This topic has 0 replies, 1 voice, and was last updated 5 years, 11 months ago by [email protected].

  • #5821

    Issue #201506-02: Possible user impersonation when using OpenAM as an OAuth2/OIDC Provider.
    When using multiple realms, it is possible for an authenticated user in realmA to acquire OAuth2 and OpenID Connect tokens that correspond to realmB.

    How can one reproduce this issue? What's the use case where one can face this scenario?
