CVE-2020-5300— Hydra 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2020-5300 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
使用捕获-重放进行的认证绕过
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Hydra 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Hydra是一款渗透测试工具。 Hydra 1.4.0之前版本中存在安全漏洞,该漏洞源于程序没有检查‘jti’值的唯一性。攻击者可利用该漏洞重放令牌。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2020-5300 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2020-5300 的情报信息
Please 登录 to view more intelligence information
- https://github.com/ory/hydra/security/advisories/GHSA-3p3g-vpw6-4w66x_refsource_CONFIRM
- https://github.com/ory/hydra/releases/tag/v1.4.0x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-5300
IV. Related Vulnerabilities
V. Comments for CVE-2020-5300
暂无评论