जमा करें #857923: django-oauth django-oauth-toolkit 3.3.0 at commit ddec25b491e52d7f4a1e2cf13a436ffddcf6c782 CWE-613 Insufficient Session Expiration / CWE-287 Improper Autheजानकारी

शीर्षकdjango-oauth django-oauth-toolkit 3.3.0 at commit ddec25b491e52d7f4a1e2cf13a436ffddcf6c782 CWE-613 Insufficient Session Expiration / CWE-287 Improper Authe
विवरणdjango-oauth-toolkit 3.3.0 conditionally accepts expired ID tokens for OpenID Connect RP-initiated logout. When RP-initiated logout is enabled, the default OIDC_RP_INITIATED_LOGOUT_ACCEPT_EXPIRED_TOKENS=True makes _load_id_token() construct the JWT with an empty check_claims dictionary, explicitly skipping validation of exp and nbf. validate_logout_request_user() then uses the loaded IDToken for logout validation and client matching. This issue is conditional because RP-initiated logout must be enabled by the deployment. If enabled with the default expired-token option, stale id_token_hint values can participate in logout and token deletion flows after their intended validity period. Remediation should default expired-token acceptance to false or enforce a separate maximum acceptable ID token age for logout hints.
स्रोत⚠️ https://github.com/django-oauth/django-oauth-toolkit/issues/1715
उपयोगकर्ता
 Galaxyn (UID 98388)
सबमिशन13/06/2026 12:54 PM (1 महीना पहले)
संयम18/07/2026 10:23 AM (1 month later)
स्थितिप्रतिलिपि
VulDB प्रविष्टि380022 [django-oauth django-oauth-toolkit 3.3.0 oauth2_validators.py _load_id_token कमजोर प्रमाणीकरण]
अंक0

Do you know our Splunk app?

Download it now for free!