Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

High

dbhynds published GHSA-768m-5w34-2xf5

Jul 15, 2022

Package

packbackbooks/lti-1-3-php-library (Composer)

Affected versions

< 5.0

Patched versions

5.0

Description

Impact

The function used to generate random nonces was not sufficiently cryptographically complex.

Patches

Users should upgrade to version 5.0 immediately

Workarounds

None.

References

https://openid.net/specs/openid-connect-core-1_0.html#IDToken