IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local API endpoints even wi
In order to address CWE 297, we have 2 criteria to meet: (1) verify that a certificate comes from a trusted CA; (2) verify the endpoint server matches the certificate correctly. Lack of hostname verification is another security flaw. Ensure that hostname verification ...
Closed. Description: We use the App Center SDK within our Android app. During the Veracode security scans run on the builds, there were 9 security policy violations or flaws reported for App Center. This issue lists 5 flaws that were reported under the Veracode CWE ID 297. ...
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. References: CVE-2020-13254.