How severe is CVE-2020-26244?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-26244?

This is classified as CWE-325, which is a common weakness in software security.

CVE-2020-26244 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.

Related Vulnerabilities

CVE-2018-5383

MEDIUM

CVSS:6.8(Medium)

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently ...

CWE-3252018

CVE-2022-20793

MEDIUM

CVSS:6.8(Medium)

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimat...

CWE-3252022

CVE-2025-3938

MEDIUM

CVSS:6.8(Medium)

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagar...

CWE-3252025

CVE-2019-3738

MEDIUM

CVSS:6.5(Medium)

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two...

CWE-3252019

CVE-2023-39199

MEDIUM

CVSS:6.5(Medium)

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

CWE-3252023

CVE-2023-28999

MEDIUM

CVSS:6.4(Medium)

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server...

CWE-3252023