Security flaws in an SSO plugin for Caddy
Malware Analysis, News and Indicators - Latest topics malware.news
By Maciej Domanski, Travis Peters, and David Pokora
We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources.
During our evaluation, Caddy was deployed as a reverse proxy to provide access to several of our internal services. We explored a plugin configuration that would allow us to handle authentication and authorization with our …