CVE-2024-23647
Published 2024-01-30
Priority P349, severity high, CVSS 3.1 base score 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.54% (41.5th percentile)
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| goauthentik | authentik | < 2023.8.7 | 2023.8.7 |
| goauthentik | authentik | — | — |
| goauthentik | authentik | >= 2023.10.0 < 2023.10.7 | 2023.10.7 |
OSV
Authentik vulnerable to PKCE downgrade attack in goauthentik.io
osv·2024-06-28
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: goauthentik.io before v2023.8.7, from v2023.10.0 before v2023.10.7.
GHSA
Authentik vulnerable to PKCE downgrade attack
ghsa·2024-01-29
CVE-2024-23647 [HIGH] CWE-287 Authentik vulnerable to PKCE downgrade attack
## Summary
PKCE is a very important countermeasure in OAuth2, both for public and confidential clients. It protects against CSRF attacks and code injection attacks. Because of this bug, an attacker can circumvent the protection PKCE offers.
## Patches
authentik 2023.8.7 and 2023.10.7 fix this issue.
## Details
There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the `code_challenge` parameter to the authorization request and adds the `code_verifier` parameter to the token request. We recently fixed a downgrade attack (in v2023.8.5 and 2023.10.4) where if the attacker removed the `code_verifier` parameter in the token request, authentik would allow the request to pas
OSV
Authentik vulnerable to PKCE downgrade attack
osv·2024-01-29
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a
https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj