CNNVD-202507-056 Information

CNNVD ID

CNNVD-202507-056

CVE-2025-34063

  • CNNVD Published: 2025-07-01

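Description (translated from Chinese)

One Identity OneLogin AD Connector is connector software from One Identity, a company based in the United States. Versions of One Identity OneLogin AD Connector before 6.1.5 contain a security vulnerability that stems from the leak of a JWT signing key, which leads to authentication bypass.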

Description (English)

One Identity OneLogin AD Connector is connector software from One Identity, a US company. One Identity OneLogin AD Connector versions before 6.1.5 contain a security vulnerability in which a leaked JWT signing key leads to authentication bypass.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Oneflow

Published

2025-07-01

Last Modified

2026-02-24

References

  • https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise
  • https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/
  • https://support.onelogin.com/product-notification/noti-00001768
  • https://access.redhat.com/security/cve/cve-2025-34063

Patch

https://support.onelogin.com/product-notification/noti-00001768
