grails-spring-security-rest

Potentially insecure token refresh

Open klcium opened this issue 10 months ago • 0 comments

Hello,

I found that the "access_token" function (from RestOauthController.groovy), in charge of generating a new access token when a user provides a refresh token, does not check the type of the passed token before parsing its details (loaduserbytoken).

As a result, one may provide an access token instead of a refresh token. The user will be sent back a fresh access token.

The security risk here is that a leaked access token (if stolen before expiration) may be renewed by an attacker to persist indefinitely in the system.

klcium, Apr 09 '24 15:04
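An added illustration of the check the report says is missing (example code, not grails-spring-security-rest's own): the in-memory token store, `issue_token`, `load_user_by_token` and the two `refresh_*` functions are constructed stand-ins for the plugin's token handling, showing a refresh path that accepts any live token beside one that first verifies the token's recorded type.

```python
# Constructed illustration, not the plugin's code: a refresh endpoint that
# loads the user from any parseable token versus one that first checks the
# token type. Tokens are opaque strings in an in-memory store.
import secrets
import time

# Constructed token store: token value -> metadata (user, type, expiry).
TOKENS = {}


def issue_token(username, token_type, ttl_seconds):
    """Create an opaque token of type "access" or "refresh" for the user."""
    value = secrets.token_urlsafe(16)
    TOKENS[value] = {"user": username, "type": token_type,
                     "expires": time.time() + ttl_seconds}
    return value


def load_user_by_token(token):
    """Resolve a live token to its user. Deliberately ignores the token type,
    mirroring a lookup that only parses the token's details."""
    meta = TOKENS.get(token)
    if meta is None or meta["expires"] < time.time():
        raise ValueError("invalid or expired token")
    return meta["user"]


def refresh_vulnerable(token):
    """Behaviour described in the report: any live token, including an access
    token, is enough to mint a fresh access token."""
    user = load_user_by_token(token)
    return issue_token(user, "access", 300)


def refresh_hardened(token):
    """Only a live token whose recorded type is "refresh" may mint an access
    token; an access token presented here is rejected."""
    meta = TOKENS.get(token)
    if meta is None or meta["expires"] < time.time():
        raise ValueError("invalid or expired token")
    if meta["type"] != "refresh":
        # Reject (and this is a condition worth logging at the server).
        raise PermissionError("refresh requires a refresh token")
    return issue_token(meta["user"], "access", 300)
```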