























Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition.
An attacker with a valid one-time token can send concurrent requests to the authentication endpoint, allowing the single-use token to be consumed multiple times and establishing multiple authenticated sessions.
The default InMemoryOneTimeTokenService is thread-safe and not affected by this vulnerability.
Spring Security:
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
|---|---|---|
| 6.4.x | 6.4.16 | Commercial |
| 6.5.x | 6.5.10 | OSS |
| 7.0.x | 7.0.5 | OSS |
The issue was identified and responsibly reported by Jinyeong Seol (@Seol-JY).
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。