OAuth Vulnerability in Pivotal Cloud Foundry and UAA Products
CVE-2016-6636
5.3 MEDIUM
What is CVE-2016-6636?
The OAuth authorization implementation in various versions of Pivotal Cloud Foundry and UAA products improperly handles redirect_uri subdomains. Because a redirect_uri on a subdomain of a registered host is accepted, a remote attacker who controls a crafted subdomain can have access tokens issued during the OAuth flow delivered to it. The flaw underlines that redirect URIs must be validated strictly against the registered value, rather than matched loosely on a host suffix, so that access tokens are not exposed to unauthorized parties.
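To make the class of flaw concrete, here is an added illustration (not code from Pivotal, Cloud Foundry or UAA) that contrasts a permissive redirect_uri check accepting any subdomain of the registered host with a strict exact-match check; the registered URI and the candidate hostnames are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample: the redirect URI a client registered with the authorization server.
REGISTERED_REDIRECT = "https://app.example.com/callback"


def _normalize(uri):
    """Split a URI into the parts a redirect check must compare.

    urlsplit() lowercases scheme and hostname and separates the port, so
    'HTTPS://App.Example.com/callback' compares equal to the registered value.
    """
    parts = urlsplit(uri)
    return (parts.scheme, parts.hostname or "", parts.port, parts.path, parts.query)


def weak_redirect_allowed(redirect_uri, registered=REGISTERED_REDIRECT):
    """Permissive check: any subdomain of the registered host is accepted.

    This is the class of mistake the advisory describes: whoever can serve
    content under a subdomain of the registered host (a wildcard DNS entry,
    a tenant-chosen subdomain) receives the authorization code or token.
    """
    r_scheme, r_host, r_port, r_path, _ = _normalize(registered)
    u_scheme, u_host, u_port, u_path, _ = _normalize(redirect_uri)
    host_ok = u_host == r_host or u_host.endswith("." + r_host)
    return u_scheme == r_scheme and host_ok and u_port == r_port and u_path == r_path


def strict_redirect_allowed(redirect_uri, registered=REGISTERED_REDIRECT):
    """Hardened check: scheme, host, port, path and query must match exactly.

    Simple string comparison against the registered URI is what RFC 6749
    (section 3.1.2) expects when a complete redirect URI is registered.
    """
    return _normalize(redirect_uri) == _normalize(registered)


if __name__ == "__main__":
    for candidate in (
        "https://app.example.com/callback",             # legitimate, exact match
        "https://tenant-x.app.example.com/callback",    # subdomain of the registered host
        "https://app.example.com.other.test/callback",  # unrelated host with a similar prefix
        "http://app.example.com/callback",              # scheme downgrade
    ):
        print(f"{candidate:46} weak={weak_redirect_allowed(candidate)!s:5} "
              f"strict={strict_redirect_allowed(candidate)}")
```

Only the subdomain candidate separates the two checks: the weak matcher admits it, the strict matcher rejects it along with every other non-identical URI.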
