One Identity OneLogin Active Directory Connector DirectoryToken Encryption Vulnerability

Vulnerability

A vulnerability exists in One Identity OneLogin Active Directory Connector versions prior to 6.1.5, where the encryption of the DirectoryToken was improperly managed. This flaw has been addressed in the 6.1.5 release, which includes miscellaneous security enhancements such as proper encryption of the DirectoryToken.

Impact

The vulnerability could lead to improper encryption of sensitive data, potentially allowing for unauthorized access or manipulation of directory information.

Remediation

Users can upgrade to One Identity OneLogin Active Directory Connector version 6.1.5, which is available for download from the OneLogin Downloads page.

Added: Jul 2, 2025, 4:37 AM
Updated: Jul 2, 2025, 4:37 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.