Common Weakness Enumeration

CWE-345

Discouraged

Insufficient Verification of Data Authenticity

Abstraction: Class · Status: Draft

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

939 vulnerabilities reference this CWE, most recent first.

GHSA-PR2M-PX7J-XG65

Vulnerability from github – Published: 2024-03-13 15:33 – Updated: 2025-01-22 18:45
VLAI
Summary
aiosmtpd vulnerable to SMTP smuggling
Details

Summary

aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue also existed in other SMTP software like Postfix (https://www.postfix.org/smtp-smuggling.html).

Details

Detailed information on SMTP smuggling can be found in the full blog post (https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/) or on the Postfix homepage (https://www.postfix.org/smtp-smuggling.html). (and soon on the official website https://smtpsmuggling.com/)

Impact

With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "aiosmtpd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-27305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-13T15:33:14Z",
    "nvd_published_at": "2024-03-12T21:15:58Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\naiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue also existed in other SMTP software like Postfix (https://www.postfix.org/smtp-smuggling.html).\n\n### Details\nDetailed information on SMTP smuggling can be found in the full blog post (https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/) or on the Postfix homepage (https://www.postfix.org/smtp-smuggling.html). (and soon on the official website https://smtpsmuggling.com/)  \n\n### Impact\nWith the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances.",
  "id": "GHSA-pr2m-px7j-xg65",
  "modified": "2025-01-22T18:45:42Z",
  "published": "2024-03-13T15:33:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27305"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aio-libs/aiosmtpd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aiosmtpd/PYSEC-2024-221.yaml"
    },
    {
      "type": "WEB",
      "url": "https://www.postfix.org/smtp-smuggling.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "aiosmtpd vulnerable to SMTP smuggling"
}

GHSA-PR4R-P276-59PX

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:02
VLAI
Details

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:41:00Z",
    "severity": "CRITICAL"
  },
  "details": "A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.",
  "id": "GHSA-pr4r-p276-59px",
  "modified": "2022-03-17T00:02:06Z",
  "published": "2022-03-11T00:02:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14115"
    },
    {
      "type": "WEB",
      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=37"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PRQ3-J8M2-5XG7

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-3016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-01T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.",
  "id": "GHSA-prq3-j8m2-5xg7",
  "modified": "2022-05-13T01:14:04Z",
  "published": "2022-05-13T01:14:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3016"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21995518"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PV58-549P-QH99

Vulnerability from github – Published: 2026-02-18 00:33 – Updated: 2026-02-20 16:45
VLAI
Summary
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
Details

Summary

Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated.

Prior to the fix, some clients treated TXT values as authoritative routing/pinning inputs:

  • iOS and macOS: used TXT-provided host hints (lanHost/tailnetDns) and ports (gatewayPort) to build the connection URL.
  • iOS and Android: allowed the discovery-provided TLS fingerprint (gatewayTlsSha256) to override a previously stored TLS pin.

On a shared/untrusted LAN, an attacker could advertise a rogue _openclaw-gw._tcp service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (auth.token / auth.password) during connection.

Distribution / Exposure

The iOS and Android apps are currently alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN.

CVSS can still be used for the technical (base) severity of the bug; limited distribution primarily affects environmental risk.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.13 (latest published on npm as of 2026-02-14)
  • Patched: planned for >= 2026.2.14 (not yet published at time of writing)

Fix

  • Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints.
  • Discovery-provided fingerprints no longer override stored TLS pins.
  • iOS/Android: first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU).
  • iOS/Android: discovery-based direct connects are TLS-only.
  • Android: hostname verification is no longer globally disabled (only bypassed when pinning).

Fix Commit(s)

  • d583782ee322a6faa1fe87ae52455e0d349de586

Credits

Thanks @simecek for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-26327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-18T00:33:35Z",
    "nvd_published_at": "2026-02-19T23:16:26Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nDiscovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated.\n\nPrior to the fix, some clients treated TXT values as authoritative routing/pinning inputs:\n\n- iOS and macOS: used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL.\n- iOS and Android: allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin.\n\nOn a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection.\n\n## Distribution / Exposure\n\nThe iOS and Android apps are currently alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN.\n\nCVSS can still be used for the technical (base) severity of the bug; limited distribution primarily affects environmental risk.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `\u003c= 2026.2.13` (latest published on npm as of 2026-02-14)\n- Patched: planned for `\u003e= 2026.2.14` (not yet published at time of writing)\n\n## Fix\n\n- Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints.\n- Discovery-provided fingerprints no longer override stored TLS pins.\n- iOS/Android: first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU).\n- iOS/Android: discovery-based direct connects are TLS-only.\n- Android: hostname verification is no longer globally disabled (only bypassed when pinning).\n\n## Fix Commit(s)\n\n- d583782ee322a6faa1fe87ae52455e0d349de586\n\n## Credits\n\nThanks @simecek for reporting.",
  "id": "GHSA-pv58-549p-qh99",
  "modified": "2026-02-20T16:45:30Z",
  "published": "2026-02-18T00:33:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26327"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349de586"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning"
}

GHSA-PVCJ-XVM2-WGMW

Vulnerability from github – Published: 2023-05-22 21:30 – Updated: 2024-04-04 04:16
VLAI
Details

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-22T20:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSnap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.\n\n\n\n\n\n",
  "id": "GHSA-pvcj-xvm2-wgmw",
  "modified": "2024-04-04T04:16:37Z",
  "published": "2023-05-22T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28386"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01"
    },
    {
      "type": "WEB",
      "url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PW9M-5JXM-XR6H

Vulnerability from github – Published: 2026-07-07 20:11 – Updated: 2026-07-07 20:11
VLAI
Summary
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
Details

Am I affected?

Users are affected if all of the following are true:

  • Their application uses better-auth and has enabled at least one of: oidcProvider() (imported from better-auth/plugins/oidc-provider), or mcp() (imported from better-auth/plugins/mcp).
  • Their application has at least one confidential OAuth client registered (any client with type: "web" | "native" | "user-agent-based" in the oauthApplication table, or any trustedClients entry without type: "public"). Public clients with PKCE are not affected.
  • Their application uses better-auth at a version below the patched release.

If an application only uses @better-auth/oauth-provider (the canonical replacement for oidc-provider) and the mcp plugin is not enabled, it is not affected.

Fix:

  1. Upgrade to better-auth@1.6.11 or later.
  2. Migrate from the deprecated oidcProvider() to @better-auth/oauth-provider when feasible. The new package enforces client authentication on both grants by default.
  3. If developers cannot upgrade their applications, see workarounds below.

Summary

The legacy oidcProvider and mcp plugins each expose an OAuth 2.0 token endpoint whose refresh_token grant authenticates the request entirely on possession of the bound refreshToken row and a matching client_id. Neither plugin verifies the registered confidential client's client_secret on the refresh path. An attacker who obtains any valid refresh_token (via database read, log capture, browser-side XSS, or CORS-amplified script in the mcp case) and the public client_id can mint fresh access tokens and rotated refresh tokens until the chain is revoked.

Details

RFC 6749 §6 and OAuth 2.1 §4.3 require confidential clients to authenticate to the token endpoint on every grant, including refresh. The same plugins' authorization_code grant correctly enforces client_secret (the oidc-provider via verifyStoredClientSecret, the mcp plugin via raw equality), which proves the omission on the refresh path is a regression rather than a design choice.

Token rotation issues a new refresh_token with each call, so a single leaked refresh-token grants indefinite access until the row is revoked or its refreshTokenExpiresAt (default 7 days) passes; rotation refreshes that window each call.

Two adjacent issues on the mcp surface ship in the same patch. The mcp authorization_code grant uses raw === for client-secret comparison and ignores the storeClientSecret: "encrypted" | "hashed" configuration; the fix routes both grants through verifyStoredClientSecret. The mcp /mcp/token endpoint sets Access-Control-Allow-Origin: * unconditionally, which amplifies the refresh bypass in browser contexts; the fix narrows the CORS allowlist.

The newer @better-auth/oauth-provider package routes both grants through validateClientCredentials and is not affected.

Patches

Fixed in better-auth@1.6.11. The legacy oidcProvider and mcp token endpoints now require client_secret on the refresh_token grant for confidential clients, using the same constant-time comparison the authorization_code grant already used. Public clients are unaffected (they have no secret to enforce, and PKCE substitutes on the auth-code grant).

The Authorization: Basic parser is fixed to follow RFC 6749 §2.3.1: the credential is split on the first colon and each half is percent-decoded. Client IDs and secrets that contain reserved characters now authenticate correctly. The /mcp/token endpoint's CORS configuration is narrowed in the same change (the wildcard Access-Control-Allow-Origin: * header is removed), matching the standalone @better-auth/oauth-provider package.

The deprecated oidc-provider plugin remains deprecated. The recommended migration path is @better-auth/oauth-provider.

Workarounds

None of these close the bug fully without a code patch.

  • Migrate to @better-auth/oauth-provider if your deployment can adopt the new plugin. It enforces client_secret on both grants.
  • Force all clients to public + PKCE: set every client's type: "public" and require PKCE. The bug is unreachable when there is no client_secret to verify.
  • Network-layer ingress restriction: limit /api/auth/oauth2/token and /api/auth/mcp/token to known client IPs at the load balancer. Practical for server-to-server flows, not for end-user-device clients.
  • Out-of-band refresh-token rotation: on any suspicion of leak, run db.deleteMany({ model: "oauthAccessToken", where: [{ field: "clientId", value: <id> }] }) to invalidate all refresh tokens for the affected client.
  • For the mcp endpoint specifically: drop the wildcard CORS at an upstream proxy and replace with a tight allowlist.

Impact

  • Indefinite confidential-client impersonation: an attacker holding any valid refresh_token and the public client_id can mint access tokens and rotated refresh tokens indefinitely, until the row is revoked. Rotation refreshes the expiration window each call.
  • Resource access at the user's authorized scope: every minted access token carries the original user's authorization scope, so the attacker reads or writes whatever the resource server grants for that scope.

Credit

Reported by @subhanUmer.

Resources

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "better-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-53512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-306",
      "CWE-345",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-07T20:11:50Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Am I affected?\n\nUsers are affected if all of the following are true:\n\n- Their application uses `better-auth` and has enabled at least one of: `oidcProvider()` (imported from `better-auth/plugins/oidc-provider`), or `mcp()` (imported from `better-auth/plugins/mcp`).\n- Their application has at least one confidential OAuth client registered (any client with `type: \"web\" | \"native\" | \"user-agent-based\"` in the `oauthApplication` table, or any `trustedClients` entry without `type: \"public\"`). Public clients with PKCE are not affected.\n- Their application uses `better-auth` at a version below the patched release.\n\nIf an application only uses `@better-auth/oauth-provider` (the canonical replacement for `oidc-provider`) and the `mcp` plugin is not enabled, it is not affected.\n\nFix:\n\n1. Upgrade to `better-auth@1.6.11` or later.\n2. Migrate from the deprecated `oidcProvider()` to `@better-auth/oauth-provider` when feasible. The new package enforces client authentication on both grants by default.\n3. If developers cannot upgrade their applications, see workarounds below.\n\n### Summary\n\nThe legacy `oidcProvider` and `mcp` plugins each expose an OAuth 2.0 token endpoint whose `refresh_token` grant authenticates the request entirely on possession of the bound `refreshToken` row and a matching `client_id`. Neither plugin verifies the registered confidential client\u0027s `client_secret` on the refresh path. An attacker who obtains any valid `refresh_token` (via database read, log capture, browser-side XSS, or CORS-amplified script in the mcp case) and the public `client_id` can mint fresh access tokens and rotated refresh tokens until the chain is revoked.\n\n### Details\n\nRFC 6749 \u00a76 and OAuth 2.1 \u00a74.3 require confidential clients to authenticate to the token endpoint on every grant, including refresh. The same plugins\u0027 `authorization_code` grant correctly enforces `client_secret` (the oidc-provider via `verifyStoredClientSecret`, the mcp plugin via raw equality), which proves the omission on the refresh path is a regression rather than a design choice.\n\nToken rotation issues a new `refresh_token` with each call, so a single leaked refresh-token grants indefinite access until the row is revoked or its `refreshTokenExpiresAt` (default 7 days) passes; rotation refreshes that window each call.\n\nTwo adjacent issues on the mcp surface ship in the same patch. The mcp `authorization_code` grant uses raw `===` for client-secret comparison and ignores the `storeClientSecret: \"encrypted\" | \"hashed\"` configuration; the fix routes both grants through `verifyStoredClientSecret`. The mcp `/mcp/token` endpoint sets `Access-Control-Allow-Origin: *` unconditionally, which amplifies the refresh bypass in browser contexts; the fix narrows the CORS allowlist.\n\nThe newer `@better-auth/oauth-provider` package routes both grants through `validateClientCredentials` and is not affected.\n\n### Patches\n\nFixed in `better-auth@1.6.11`. The legacy `oidcProvider` and `mcp` token endpoints now require `client_secret` on the `refresh_token` grant for confidential clients, using the same constant-time comparison the `authorization_code` grant already used. Public clients are unaffected (they have no secret to enforce, and PKCE substitutes on the auth-code grant).\n\nThe `Authorization: Basic` parser is fixed to follow RFC 6749 \u00a72.3.1: the credential is split on the first colon and each half is percent-decoded. Client IDs and secrets that contain reserved characters now authenticate correctly. The `/mcp/token` endpoint\u0027s CORS configuration is narrowed in the same change (the wildcard `Access-Control-Allow-Origin: *` header is removed), matching the standalone `@better-auth/oauth-provider` package.\n\nThe deprecated `oidc-provider` plugin remains deprecated. The recommended migration path is `@better-auth/oauth-provider`.\n\n### Workarounds\n\nNone of these close the bug fully without a code patch.\n\n- **Migrate to `@better-auth/oauth-provider`** if your deployment can adopt the new plugin. It enforces `client_secret` on both grants.\n- **Force all clients to public + PKCE**: set every client\u0027s `type: \"public\"` and require PKCE. The bug is unreachable when there is no `client_secret` to verify.\n- **Network-layer ingress restriction**: limit `/api/auth/oauth2/token` and `/api/auth/mcp/token` to known client IPs at the load balancer. Practical for server-to-server flows, not for end-user-device clients.\n- **Out-of-band refresh-token rotation**: on any suspicion of leak, run `db.deleteMany({ model: \"oauthAccessToken\", where: [{ field: \"clientId\", value: \u003cid\u003e }] })` to invalidate all refresh tokens for the affected client.\n- **For the mcp endpoint specifically**: drop the wildcard CORS at an upstream proxy and replace with a tight allowlist.\n\n### Impact\n\n- **Indefinite confidential-client impersonation**: an attacker holding any valid `refresh_token` and the public `client_id` can mint access tokens and rotated refresh tokens indefinitely, until the row is revoked. Rotation refreshes the expiration window each call.\n- **Resource access at the user\u0027s authorized scope**: every minted access token carries the original user\u0027s authorization scope, so the attacker reads or writes whatever the resource server grants for that scope.\n\n### Credit\n\nReported by @subhanUmer.\n\n### Resources\n\n- [CWE-306: Missing Authentication for Critical Function](https://cwe.mitre.org/data/definitions/306.html)\n- [CWE-287: Improper Authentication](https://cwe.mitre.org/data/definitions/287.html)\n- [CWE-345: Insufficient Verification of Data Authenticity](https://cwe.mitre.org/data/definitions/345.html)\n- [CWE-863: Incorrect Authorization](https://cwe.mitre.org/data/definitions/863.html)\n- [RFC 6749 \u00a76: Refreshing an Access Token](https://datatracker.ietf.org/doc/html/rfc6749#section-6)\n- [OAuth 2.1 \u00a74.3: Refresh Token](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1#section-4.3)",
  "id": "GHSA-pw9m-5jxm-xr6h",
  "modified": "2026-07-07T20:11:50Z",
  "published": "2026-07-07T20:11:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-pw9m-5jxm-xr6h"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/better-auth/better-auth"
    },
    {
      "type": "WEB",
      "url": "https://github.com/better-auth/better-auth/releases/tag/v1.6.11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins"
}

GHSA-PWR7-6JJ8-MWX4

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-05-24 16:57
VLAI
Details

In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is able to consistently bypass the authenticity check by crafting ad-hoc public certificates based on arbitrary key-pairs leading to Missing Authentication Check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-0379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-08T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is able to consistently bypass the authenticity check by crafting ad-hoc public certificates based on arbitrary key-pairs leading to Missing Authentication Check.",
  "id": "GHSA-pwr7-6jj8-mwx4",
  "modified": "2022-05-24T16:57:59Z",
  "published": "2022-05-24T16:57:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0379"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2826015"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PX8V-PP82-RCVR

Vulnerability from github – Published: 2024-12-02 17:28 – Updated: 2024-12-04 22:16
VLAI
Summary
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
Details

Impact

An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet.

By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection).

As far as I understand, the kernel tracks the MTU per 4-tuple, so the attacker needs to at least know the client's IP and port tuple to mount an attack (assuming that it knows the server's IP and port).

Patches

The fix is easy: Use IP_PMTUDISC_PROBE instead of IP_PMTUDISC_DO. This socket option only sets the DF bit, but disables the kernel's MTU tracking.

Has the problem been patched? What versions should users upgrade to?

Fixed in https://github.com/quic-go/quic-go/pull/4729 Released in https://github.com/quic-go/quic-go/releases/tag/v0.48.2

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Use iptables to drop ICMP Unreachable packets.

References

Are there any links users can visit to find out more?

This bug was discovered while doing research for my new IETF draft on IP fragmentation: https://datatracker.ietf.org/doc/draft-seemann-tsvwg-udp-fragmentation/

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/quic-go/quic-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.48.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-53259"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-02T17:28:14Z",
    "nvd_published_at": "2024-12-02T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAn off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used `IP_PMTUDISC_DO`, the kernel would then return a \"message too large\" error on `sendmsg`, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet.\n\nBy setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they\u0027re unable to establish a QUIC connection).\n\nAs far as I understand, the kernel tracks the MTU per 4-tuple, so the attacker needs to at least know the client\u0027s IP and port tuple to mount an attack (assuming that it knows the server\u0027s IP and port).\n\n### Patches\n\nThe fix is easy: Use `IP_PMTUDISC_PROBE` instead of `IP_PMTUDISC_DO`. This socket option only sets the DF bit, but disables the kernel\u0027s MTU tracking.\n\n_Has the problem been patched? What versions should users upgrade to?_\n\nFixed in https://github.com/quic-go/quic-go/pull/4729\nReleased in https://github.com/quic-go/quic-go/releases/tag/v0.48.2\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nUse iptables to drop ICMP Unreachable packets.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\nThis bug was discovered while doing research for my new IETF draft on IP fragmentation: https://datatracker.ietf.org/doc/draft-seemann-tsvwg-udp-fragmentation/\n",
  "id": "GHSA-px8v-pp82-rcvr",
  "modified": "2024-12-04T22:16:38Z",
  "published": "2024-12-02T17:28:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53259"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/pull/4729"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/quic-go/quic-go"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quic-go/quic-go/releases/tag/v0.48.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "quic-go affected by an ICMP Packet Too Large Injection Attack on Linux"
}

GHSA-Q3CC-RR2C-87R6

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-05-02 12:18
VLAI
Summary
Hex authenticity of signed packages not validated
Details

Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Hex",
        "name": "hex_core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-1000013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-02T12:18:21Z",
    "nvd_published_at": "2019-02-04T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0.",
  "id": "GHSA-q3cc-rr2c-87r6",
  "modified": "2024-05-02T12:18:21Z",
  "published": "2022-05-13T01:07:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000013"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hexpm/hex_core/pull/48"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hexpm/hex_core/pull/51"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hexpm/hex_core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Hex authenticity of signed packages not validated"
}

GHSA-Q4XM-6FJC-5F6W

Vulnerability from github – Published: 2024-11-26 16:38 – Updated: 2024-12-09 17:00
VLAI
Summary
sigstore-java has vulnerability with bundle verification
Details

Summary

sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log

Impact

This bug impacts clients using any variation of KeylessVerifier.verify()

The verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby "verifying" a bundle without any proof the signing event was logged.

This allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor's log monitors.

The signer's identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass.

sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.

Steps To Reproduce

Build the java sigstore-cli at v1.0.0

git clone --branch v1.0.0 git@github.com:sigstore/sigstore-java
cd sigstore-java
./gradlew :sigstore-cli:build
tar -xf sigstore-cli/build/distributions/sigstore-cli-1.0.0-SNAPSHOT.tar --strip-components 1

Create two random blobs

dd bs=1 count=50 </dev/urandom > blob1
dd bs=1 count=50 </dev/urandom > blob2

Sign each blob using the cli

./bin/sigstore-cli sign --bundle=blob1.sigstore.json blob1
./bin/sigstore-cli sign --bundle=blob2.sigstore.json blob2

Create a falsified bundle including the base64Signature and cert fields from blob1's bundle and the rekorBundle from blob2's bundle

jq --slurpfile bundle2 blob2.sigstore.json '.verificationMaterial.tlogEntries = $bundle2[0].verificationMaterial.tlogEntries' blob1.sigstore.json > invalidBundle.sigstore.json

Find the embedded artifact hash in the bundle, and compare to the sha256 sums of blob1 and blob2. See that the bundle tlog entry matches blob2.

cat invalidBundle.sigstore.json | jq -r '.verificationMaterial.tlogEntries[0].canonicalizedBody' | base64 -d | jq -r '.spec.data.hash.value'

sha256sum blob1 blob2

Verify the bundle against blob1

./bin/sigstore-cli verify --bundle=invalidBundle.sigstore.json blob1
# no errors???!

Patches

Patched in v1.1.0 release with https://github.com/sigstore/sigstore-java/pull/856 Added conformance test for all clients in: https://github.com/sigstore/sigstore-conformance/pull/166

Workarounds

  1. Verifiers can recreate the log entry and compare it to the provided log entry.
var bundle = Bundle.from(bundleFile, StandardCharsets.UTF_8);
var rekorEntry = bundle.getEntries().get(0);
var calculatedHashedRekord =
    Base64.toBase64String(
        HashedRekordRequest.newHashedRekordRequest(
                artifactDigest,
                Certificates.toPemBytes(Certificates.getLeaf(bundle.getCertPath())),
                bundle.getMessageSignature().get().getSignature())
            .toJsonPayload()
            .getBytes(StandardCharsets.UTF_8));
if (!Objects.equals(calculatedHashedRekord, rekorEntry.getBody())) {
  throw new Exception("Provided verification materials are inconsistent with log entry");
}
  1. Verifiers can contact the log and discover if the artifact signing event has indeed been added to the log
var bundle = Bundle.from(bundleFile, StandardCharsets.UTF);
var artifactDigest = Files.asByteSource(Path.of(artifact).toFile()).hash(Hashing.sha256()).asBytes();
var sigstoreTufClientBuilder = SigstoreTufClient.builder().usePublicGoodInstance();
var trustedRootProvider = TrustedRootProvider.from(sigstoreTufClientBuilder);
var entry = RekorEntryFetcher.fromTrustedRoot(trustedRootProvider).getEntryFromRekor(artifactDigest, Certificates.getLeaf(bundle.getCertPath()), bundle.getMessageSignature().get().getSignature());
RekorVerifier.newRekorVerifier(trustedRootProvider.get()).verifyEntry(entry);
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "dev.sigstore:sigstore-java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-53267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-26T16:38:18Z",
    "nvd_published_at": "2024-11-26T19:15:30Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nsigstore-java has insufficient verification for a situation where a validly-signed but \"mismatched\" bundle is presented as proof of inclusion into a transparency log\n\n### Impact\n\nThis bug impacts clients using any variation of KeylessVerifier.verify()\n\nThe verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby \"verifying\" a bundle without any proof the signing event was logged.\n\nThis allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor\u0027s log monitors.\n\nThe signer\u0027s identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass.\n\nsigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.\n\n### Steps To Reproduce\n\nBuild the java sigstore-cli at v1.0.0\n```shell\ngit clone --branch v1.0.0 git@github.com:sigstore/sigstore-java\ncd sigstore-java\n./gradlew :sigstore-cli:build\ntar -xf sigstore-cli/build/distributions/sigstore-cli-1.0.0-SNAPSHOT.tar --strip-components 1\n```\n\nCreate two random blobs\n```shell\ndd bs=1 count=50 \u003c/dev/urandom \u003e blob1\ndd bs=1 count=50 \u003c/dev/urandom \u003e blob2\n```\n\nSign each blob using the cli\n```shell\n./bin/sigstore-cli sign --bundle=blob1.sigstore.json blob1\n./bin/sigstore-cli sign --bundle=blob2.sigstore.json blob2\n```\n\nCreate a falsified bundle including the base64Signature and cert fields from blob1\u0027s bundle and the rekorBundle from blob2\u0027s bundle\n```shell\njq --slurpfile bundle2 blob2.sigstore.json \u0027.verificationMaterial.tlogEntries = $bundle2[0].verificationMaterial.tlogEntries\u0027 blob1.sigstore.json \u003e invalidBundle.sigstore.json\n```\n\nFind the embedded artifact hash in the bundle, and compare to the sha256 sums of blob1 and blob2. See that the bundle tlog entry matches blob2.\n```shell\ncat invalidBundle.sigstore.json | jq -r \u0027.verificationMaterial.tlogEntries[0].canonicalizedBody\u0027 | base64 -d | jq -r \u0027.spec.data.hash.value\u0027\n\nsha256sum blob1 blob2\n```\n\nVerify the bundle against blob1\n```shell\n./bin/sigstore-cli verify --bundle=invalidBundle.sigstore.json blob1\n# no errors???!\n```\n\n### Patches\nPatched in v1.1.0 release with https://github.com/sigstore/sigstore-java/pull/856\nAdded conformance test for all clients in: https://github.com/sigstore/sigstore-conformance/pull/166\n\n### Workarounds\n1. Verifiers can recreate the log entry and compare it to the provided log entry.\n```\nvar bundle = Bundle.from(bundleFile, StandardCharsets.UTF_8);\nvar rekorEntry = bundle.getEntries().get(0);\nvar calculatedHashedRekord =\n    Base64.toBase64String(\n        HashedRekordRequest.newHashedRekordRequest(\n                artifactDigest,\n                Certificates.toPemBytes(Certificates.getLeaf(bundle.getCertPath())),\n                bundle.getMessageSignature().get().getSignature())\n            .toJsonPayload()\n            .getBytes(StandardCharsets.UTF_8));\nif (!Objects.equals(calculatedHashedRekord, rekorEntry.getBody())) {\n  throw new Exception(\"Provided verification materials are inconsistent with log entry\");\n}\n```\n2. Verifiers can contact the log and discover if the artifact signing event has indeed been added to the log\n```java\nvar bundle = Bundle.from(bundleFile, StandardCharsets.UTF);\nvar artifactDigest = Files.asByteSource(Path.of(artifact).toFile()).hash(Hashing.sha256()).asBytes();\nvar sigstoreTufClientBuilder = SigstoreTufClient.builder().usePublicGoodInstance();\nvar trustedRootProvider = TrustedRootProvider.from(sigstoreTufClientBuilder);\nvar entry = RekorEntryFetcher.fromTrustedRoot(trustedRootProvider).getEntryFromRekor(artifactDigest, Certificates.getLeaf(bundle.getCertPath()), bundle.getMessageSignature().get().getSignature());\nRekorVerifier.newRekorVerifier(trustedRootProvider.get()).verifyEntry(entry);\n```\n",
  "id": "GHSA-q4xm-6fjc-5f6w",
  "modified": "2024-12-09T17:00:45Z",
  "published": "2024-11-26T16:38:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-q4xm-6fjc-5f6w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53267"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-conformance/pull/166"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/pull/856"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sigstore/sigstore-java"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "sigstore-java has vulnerability with bundle verification"
}

No mitigation information available for this CWE.

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website.

CAPEC-141: Cache Poisoning

An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.

CAPEC-142: DNS Cache Poisoning

A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.

CAPEC-148: Content Spoofing

An adversary modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the adversary's content instead of the owner's content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the adversary will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud (if the content governs financial transactions), privacy violations, and other unwanted outcomes.

CAPEC-218: Spoofing of UDDI/ebXML Messages

An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.

CAPEC-384: Application API Message Manipulation via Man-in-the-Middle

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Adversary-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.

CAPEC-385: Transaction or Event Tampering via Application API Manipulation

An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.

CAPEC-386: Application API Navigation Remapping

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.

CAPEC-387: Navigation Remapping To Propagate Malicious Content

An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic.

CAPEC-388: Application API Button Hijacking

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.

CAPEC-701: Browser in the Middle (BiTM)

An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access.