Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

High
dbhynds published GHSA-768m-5w34-2xf5 Jul 15, 2022

Package

packbackbooks/lti-1-3-php-library (Composer)

Affected versions

< 5.0

Patched versions

5.0

Description

Impact

The function used to generate random nonces was not sufficiently cryptographically complex.

Patches

Users should upgrade to version 5.0 immediately.

Workarounds

None.

Severity

High

CVE ID

CVE-2022-31157

Weaknesses

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
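
The two properties a login nonce needs in order to resist capture-replay are generation from a CSPRNG and single-use, time-limited acceptance. The following is an added example, not the library's code: `NonceStore` and its methods are hypothetical names, the in-memory array stands in for a shared cache or database, and the timestamps are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration; class and method names are hypothetical, not the library's API.
final class NonceStore
{
    /** @var array<string,int> nonce => expiry timestamp (stand-in for a cache or DB) */
    private array $issued = [];

    public function __construct(private int $ttlSeconds = 300) {}

    // Issue a nonce drawn from the OS CSPRNG: 32 bytes = 256 bits, hex-encoded.
    public function issue(?int $now = null): string
    {
        $nonce = bin2hex(random_bytes(32));
        $this->issued[$nonce] = ($now ?? time()) + $this->ttlSeconds;
        return $nonce;
    }

    // Accept a nonce at most once, and only before it expires.
    public function consume(string $nonce, ?int $now = null): bool
    {
        if (!isset($this->issued[$nonce])) {
            return false;               // never issued here, or already consumed
        }
        $expiry = $this->issued[$nonce];
        unset($this->issued[$nonce]);   // single use: forget it before checking expiry
        return ($now ?? time()) <= $expiry;
    }
}

$store = new NonceStore();
$t0 = 1_700_000_000;                    // constructed timestamp for the demo

$nonce = $store->issue($t0);
var_dump($store->consume($nonce, $t0 + 10));   // first presentation of the nonce
var_dump($store->consume($nonce, $t0 + 11));   // same nonce presented again (replay)

// A value the store never issued, e.g. one guessed by a third party.
var_dump($store->consume(bin2hex(random_bytes(32)), $t0));

// A genuine nonce presented after its lifetime has passed.
$late = $store->issue($t0);
var_dump($store->consume($late, $t0 + 301));
```

In a multi-server deployment the lookup and delete in `consume()` must be a single atomic operation in the shared store, otherwise two concurrent requests can both accept the same nonce.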