Vulnerabilities > Pac4J

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-06	CVE-2021-44878	Improper Verification of Cryptographic Signature vulnerability in Pac4J If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. network low complexity pac4j CWE-347	5.0
2019-09-23	CVE-2019-10755	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pac4J The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. network low complexity pac4j CWE-338	4.0

Vulnerabilities > Pac4J {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pac4J"}]}