StrongDM Client Pre-Authentication Token Vulnerability Allowing Authentication Hijacking

Vulnerability

The StrongDM Client inadequately protected a pre-authentication token. An attacker who intercepts the token can reuse it and, by winning a race condition, redeem it for valid authentication credentials. All StrongDM Client CLI versions prior to 47.97.0 are affected.

Impact

Successful exploitation hijacks the authentication flow: an attacker who redeems the stolen pre-authentication token obtains credentials for the legitimate user and can impersonate that user, gaining unauthorized access.
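The check-then-consume race described above, as an added illustration that is not StrongDM's code: a constructed, hypothetical token store in which `redeem_racy` looks a pre-authentication token up and removes it in two separate steps, so two concurrent redemptions of the same intercepted token both receive credentials, beside `redeem_atomic`, which consumes the token in one locked operation (exactly one redeemer wins) and additionally binds the token to a per-client secret so a replay from a different client is rejected. All names, the client-binding scheme and the `after_check` hook (used only to force the interleaving deterministically) are assumptions for the example, not details from the advisory.

```python
import hashlib
import hmac
import secrets
import threading
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Hypothetical model of a "redeem pre-auth token for credentials" endpoint.
# Constructed for illustration; this is not StrongDM's implementation.


@dataclass
class PendingLogin:
    client_binding: bytes   # sha256 of a secret only the issuing client holds
    expires_at: float       # monotonic deadline after which the token is dead
    credentials: str        # what a successful redemption hands back


class TokenStore:
    def __init__(self, ttl_seconds: float = 60.0):
        self._pending: Dict[str, PendingLogin] = {}
        self._lock = threading.Lock()
        self._ttl = ttl_seconds

    def issue(self, client_secret: bytes, credentials: str) -> str:
        """Mint a single-use pre-auth token bound to the requesting client."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._pending[token] = PendingLogin(
                client_binding=hashlib.sha256(client_secret).digest(),
                expires_at=time.monotonic() + self._ttl,
                credentials=credentials,
            )
        return token

    def redeem_racy(self, token: str,
                    after_check: Optional[Callable[[], object]] = None) -> Optional[str]:
        """VULNERABLE: check, then consume. Two callers can both pass the
        check before either removes the token, so both get credentials."""
        entry = self._pending.get(token)
        if entry is None or entry.expires_at < time.monotonic():
            return None
        if after_check is not None:
            after_check()   # models the scheduler switching threads here
        self._pending.pop(token, None)
        return entry.credentials

    def redeem_atomic(self, token: str, client_secret: bytes,
                      after_check: Optional[Callable[[], object]] = None) -> Optional[str]:
        """HARDENED: the token is removed in a single locked operation, so
        exactly one redeemer can ever hold the entry; the binding check then
        rejects a token replayed by a client that does not hold the secret.
        A failed binding check still burns the token, so the legitimate
        client's login fails closed instead of succeeding alongside the
        attacker's."""
        if after_check is not None:
            after_check()   # same interleaving point as the racy version
        with self._lock:
            entry = self._pending.pop(token, None)
        if entry is None or entry.expires_at < time.monotonic():
            return None
        presented = hashlib.sha256(client_secret).digest()
        if not hmac.compare_digest(entry.client_binding, presented):
            return None
        return entry.credentials


def concurrent_redeem(redeem: Callable[[str, Callable[[], object]], Optional[str]],
                      token: str, n: int = 2) -> int:
    """Run n redemptions of one token at once. A Barrier parks every thread
    at the hook so all of them reach the consume step together. Returns how
    many of them obtained credentials."""
    barrier = threading.Barrier(n)
    results: list = [None] * n

    def worker(i: int) -> None:
        results[i] = redeem(token, barrier.wait)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(r is not None for r in results)


def demo() -> tuple:
    victim_secret = b"victim-device-secret"      # constructed sample values
    attacker_secret = b"attacker-device-secret"
    store = TokenStore()

    # Racy endpoint: both concurrent redemptions of the intercepted token win.
    racy_wins = concurrent_redeem(store.redeem_racy,
                                  store.issue(victim_secret, "cred-for-alice"))
    # Atomic endpoint under the same interleaving: exactly one wins.
    atomic_wins = concurrent_redeem(
        lambda tok, hook: store.redeem_atomic(tok, victim_secret, hook),
        store.issue(victim_secret, "cred-for-alice"))
    # Replay from a different client: rejected, and the token is burnt, so
    # the victim's own redemption afterwards also fails (fail closed).
    t3 = store.issue(victim_secret, "cred-for-alice")
    replay = store.redeem_atomic(t3, attacker_secret)
    victim_after = store.redeem_atomic(t3, victim_secret)
    return racy_wins, atomic_wins, replay, victim_after


if __name__ == "__main__":
    print(demo())   # (2, 1, None, None)
```

The two mitigations shown, atomic single-use consumption and binding the token to something the interceptor does not have, are the standard fixes for this class; the advisory does not state which changes StrongDM made in 47.97.0.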

Remediation

Update the StrongDM Client CLI to version 47.97.0 or later; every earlier version remains affected.

Added: Aug 20, 2025, 5:24 PM
Updated: Aug 20, 2025, 5:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.