babelouest/glewlwyd

babelouest/glewlwyd

babelouest.github.io

Releases58

Frequency1 month 1 week

Last Release over 2 years ago

Stars433

Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-25715 ↗	Feb 11, 2024Sunday, 11 February 2024, 03:15	6.1 MEDIUM	—
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
CVE-2023-49208 ↗	Nov 23, 2023Thursday, 23 November 2023, 18:15	9.8 CRITICAL	—
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.
CVE-2022-29967 ↗	Apr 29, 2022Friday, 29 April 2022, 23:15	7.5 HIGH	5 MEDIUM
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.
CVE-2022-27240 ↗	Mar 18, 2022Friday, 18 March 2022, 06:15	9.8 CRITICAL	7.5 HIGH
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.
CVE-2021-45379 ↗	Dec 30, 2021Thursday, 30 December 2021, 18:15	8.8 HIGH	6.5 MEDIUM
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
CVE-2021-40818 ↗	Sep 8, 2021Wednesday, 8 September 2021, 22:15	9.8 CRITICAL	7.5 HIGH
scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.