WSO2 Identity Server Improper Authentication Vulnerability Allowing Bypass of Client Verification

Vulnerability

An improper authentication vulnerability has been identified in WSO2 Identity Server version 7.0.0. An implementation flaw allows app-native authentication to be bypassed when an invalid object is received. Exploiting this vulnerability could allow malicious actors to evade the client verification process, undermining the integrity of authentication.

Impact

Exploitation of this vulnerability could let attackers bypass authentication mechanisms, manipulate the authentication process, and potentially gain unauthorized access or privileges.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.