Sensitive Information Disclosure via SSOToken ID in ForgeRock AM REST APIs
CVE-2018-7272 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
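The following is an added example, not ForgeRock code and not part of the original advisory: a scrubber that finds token-like URL components in access-log lines and replaces each with a short hash so requests can still be correlated. The 40-character threshold, the character set, the log layout, and the sample paths and token values are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumption: a session token shows up as a path segment or query value of
# 40 or more URL-safe characters. Tune this to the token format you actually see.
TOKEN_RE = re.compile(r"(?<=[/=])[A-Za-z0-9._*%\-]{40,}(?=[/?&\s\"]|$)")

def scrub_line(line):
    """Return (scrubbed_line, digests) for one access-log line."""
    digests = []

    def _redact(match):
        # A truncated SHA-256 keeps lines correlatable without exposing the token.
        digest = hashlib.sha256(match.group(0).encode()).hexdigest()[:8]
        digests.append(digest)
        return f"[REDACTED:{digest}]"

    return TOKEN_RE.sub(_redact, line), digests

def scrub_log(lines):
    """Scrub every line; findings lists (line_number, digests) for lines that leaked."""
    scrubbed, findings = [], []
    for number, line in enumerate(lines, start=1):
        clean, digests = scrub_line(line)
        scrubbed.append(clean)
        if digests:
            findings.append((number, digests))
    return scrubbed, findings

# Constructed sample data: hypothetical paths and made-up token values.
TOKEN_A = "ExampleConstructedSessionTokenValue0123456789abcdefXYZ*"
TOKEN_B = "AnotherConstructedSessionTokenValue9876543210zyxwvuTSR*"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "POST /api/sessions/{TOKEN_A}?_action=check HTTP/1.1" 200 152',
    '203.0.113.7 - - [10/Oct/2024:13:55:40 +0000] "GET /api/users/alice HTTP/1.1" 200 512',
    f'198.51.100.9 - - [10/Oct/2024:13:56:02 +0000] "GET /api/logout?tokenId={TOKEN_B} HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    cleaned, found = scrub_log(SAMPLE_LOG)
    for entry in cleaned:
        print(entry)
    for number, digests in found:
        print(f"line {number}: {len(digests)} token-like value(s) redacted")
```

Scrubbing logs after the fact does not invalidate sessions whose IDs were already written to disk; treat any token found this way as exposed.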