CVE-2024-12056
Dec. 4, 2024, 3:15 p.m.
Product(s) Impacted
OAuth
Description
The client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.
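The missing check described above, next to a corrected token handler, as an added example that is not the affected product's code. The client registry, user store, function names and token value are constructed for illustration; RFC 6749 section 4.3.2 requires the authorization server to authenticate confidential clients on a password-grant request.

```python
import hashlib
import hmac

# Constructed sample data: one registered confidential client, one user.
CLIENTS = {"billing-app": hashlib.sha256(b"constructed-client-secret").hexdigest()}
USERS = {"alice": "constructed-user-password"}


def client_authenticated(client_id, client_secret):
    """Constant-time check of the supplied client secret against the registry."""
    expected = CLIENTS.get(client_id)
    if expected is None or client_secret is None:
        return False
    supplied = hashlib.sha256(client_secret.encode()).hexdigest()
    return hmac.compare_digest(supplied, expected)


def user_authenticated(username, password):
    stored = USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


def _password_grant(form):
    """Resource-owner check only; says nothing about which client is calling."""
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    if not user_authenticated(form.get("username", ""), form.get("password", "")):
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": "constructed-token", "token_type": "Bearer"}


def token_vulnerable(form):
    """Flawed handler: client_id and client_secret are never examined."""
    return _password_grant(form)


def token_hardened(form):
    """Corrected handler: authenticate the client before evaluating the grant."""
    if not client_authenticated(form.get("client_id"), form.get("client_secret")):
        return 401, {"error": "invalid_client"}
    return _password_grant(form)
```

A regression test for a fixed deployment is the second case in reverse: a password-grant request with valid user credentials and a wrong or absent client secret must return `invalid_client`.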
Weaknesses
CWE-358
Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
CWE ID: 358
Date
Published: Dec. 4, 2024, 3:15 p.m.
Last Modified: Dec. 4, 2024, 3:15 p.m.
Status: Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
Source
87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932