1 results (0.004 seconds)
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0CVE-2011-4314 – extension): MITM due to improper validation of AX attribute signatures
https://notcve.org/view.php?id=CVE-2011-4314
27 Jan 2012 — message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. message/ax/AxMessage.java en OpenID4Java antes v0.9.6 final, tal y como se utiliza en JBoss Enterprise Application Plat... • http://openid.net/2011/05/05/attribute-exchange-security-alert • CWE-20: Improper Input Validation •