Sensitive Information Disclosure via SSOToken ID in ForgeRock AM REST APIs

CVE-2018-7272 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
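The practical consequence of the flaw above is that ordinary web-server and proxy access logs become a store of live session credentials. The following scanner is an added example written for this page, not ForgeRock's own code: it parses Common Log Format request lines, reports where a session-token-like value appears in the request URL (as a long opaque path segment, or as a query parameter whose name suggests a session token), and produces a redacted copy of the line suitable for log forwarding. The endpoint paths in the sample, the parameter names in `TOKEN_PARAM_NAMES`, and the 40-character opaque-segment heuristic are assumptions for illustration; the log lines themselves are constructed.

```python
import re
from urllib.parse import urlsplit

# Query-parameter names that typically carry a session token (assumed names, not from the advisory).
TOKEN_PARAM_NAMES = {"tokenid", "ssotoken", "iplanetdirectorypro"}

# Heuristic for an opaque session-token-like path segment: long, base64/URL-safe charset.
# The length threshold is an assumption; tune it to the token format your deployment emits.
TOKEN_SEGMENT_RE = re.compile(r"^[A-Za-z0-9._*\-]{40,}$")

# Common Log Format request field: "METHOD TARGET PROTOCOL"
CLF_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

REDACTED = "[REDACTED]"

# Constructed sample access-log lines (not real traffic). Paths are illustrative assumptions.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2018:10:15:02 +0000] "GET /json/sessions/AQICEXAMPLETOKENVALUE0123456789abcdefghijklmnop?_action=validate HTTP/1.1" 200 61',
    '10.0.0.5 - - [01/Mar/2018:10:15:09 +0000] "POST /json/sessions?_action=logout&tokenId=AQICEXAMPLETOKENVALUE0123456789abcdefghijklmnop HTTP/1.1" 200 23',
    '10.0.0.7 - - [01/Mar/2018:10:16:40 +0000] "GET /json/users/demo HTTP/1.1" 200 412',
    '10.0.0.7 - - [01/Mar/2018:10:16:41 +0000] "POST /json/sessions?_action=getSessionInfo HTTP/1.1" 200 300',
]


def find_token_exposures(log_lines):
    """Return one finding per token-like value found in a request URL.

    Each finding records the 1-based line number, whether the value sat in the
    path or in a named query parameter, and the raw value (so it can be revoked).
    """
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        m = CLF_REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        parts = urlsplit(m.group("target"))
        for seg in parts.path.split("/"):
            if TOKEN_SEGMENT_RE.match(seg):
                findings.append({"line": lineno, "where": "path", "token": seg})
        # Work on the raw query string so percent-encoded tokens are reported verbatim.
        for pair in parts.query.split("&"):
            name, _, value = pair.partition("=")
            if name.lower() in TOKEN_PARAM_NAMES and value:
                findings.append({"line": lineno, "where": "query:" + name, "token": value})
    return findings


def _redact_query(query):
    """Replace the value of any token-carrying query parameter, leaving other pairs untouched."""
    out = []
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        if name.lower() in TOKEN_PARAM_NAMES and value:
            out.append(name + "=" + REDACTED)
        else:
            out.append(pair)
    return "&".join(out)


def redact_request_target(target):
    """Return the request target with token-like path segments and token parameters masked."""
    parts = urlsplit(target)
    path = "/".join(REDACTED if TOKEN_SEGMENT_RE.match(seg) else seg
                    for seg in parts.path.split("/"))
    query = _redact_query(parts.query)
    return path + ("?" + query if query else "")


def redact_line(line):
    """Return a copy of a CLF line with session tokens masked; unrelated lines pass through unchanged."""
    def _sub(m):
        return '"%s %s %s"' % (m.group("method"),
                               redact_request_target(m.group("target")),
                               m.group("proto"))
    return CLF_REQUEST_RE.sub(_sub, line)


if __name__ == "__main__":
    for f in find_token_exposures(SAMPLE_LOG):
        print("line %d: token in %s" % (f["line"], f["where"]))
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Run against the sample, the scanner flags lines 1 (token in the path) and 2 (token in the `tokenId` parameter) and leaves lines 3 and 4 untouched. The findings list is the input to the response side of the problem: any token that has already been written to a log has to be treated as exposed and invalidated, and log access itself reviewed, because redacting future lines does nothing for copies that already exist. Redaction at the log-shipping layer is a stopgap; the advisory's fix is the upgrade to 5.5.0, where the token is no longer placed in the URL.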