Global News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

October 1, 2025

Written by:

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances.
The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of

Source: https://thehackernews.com/2025/10/onelogin-bug-let-attackers-use-api-keys.html

#oidcsecrets #sensitiveopenid #identityonelogin #oneloginidentity #oneloginbug

Global News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

Leave a comment Cancel reply

Yekaterinburg Court Jails 5 Leftist Activists Over Alleged Coup Attempt

Central Bank of Ireland publishes roadmap to deliver a more effective and efficient regulatory framework

Rhasidat Adeleke renews Allianz sponsorship as calls grow for GAA to scrap deal

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

Share this:

Leave a comment Cancel reply

Yekaterinburg Court Jails 5 Leftist Activists Over Alleged Coup Attempt

Central Bank of Ireland publishes roadmap to deliver a more effective and efficient regulatory framework

Rhasidat Adeleke renews Allianz sponsorship as calls grow for GAA to scrap deal