High-Severity Bug Reported in Google's OAuth Client Library for Java

19-May-22

The vulnerability, identified as CVE-2021-22573, has a severity rating of 8.7 out of ten and is related to an authentication bypass in the library caused by an incorrect cryptographic signature verification.

Signature verification ensures that the payload of the token comes from the legitimate provider and not from a third party. Because of the flaw, an attacker can supply a forged token with a bespoke payload, and on the client side that token will pass validation.
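As an added illustration of the point above (this is example code written for this page, not code from Google's library or the advisory), the following JDK-only Java sketch contrasts a verifier that decodes and trusts a token's payload with one that checks the RS256 signature over header.payload against the issuer's public key before using the payload. The issuer key pair, the token and the tampered token are all constructed in main.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class IdTokenSignatureCheck {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();
    // Issuer side: build a minimal RS256 token header.payload.signature (constructed sample data).
    static String sign(String headerJson, String payloadJson, PrivateKey key) throws GeneralSecurityException {
        String signingInput = B64.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8)) + "."
            + B64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signingInput.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64.encodeToString(s.sign());
    }
    // UNSAFE pattern: decodes and trusts the payload without checking the signature.
    static String decodeWithoutVerifying(String token) {
        String[] parts = token.split("\\.");
        return new String(B64D.decode(parts[1]), StandardCharsets.UTF_8);
    }
    // SAFE pattern: verify the signature over header.payload with the issuer's public key first.
    // Returns null on any failure. (A full verifier also checks alg, iss, aud and exp; omitted here.)
    static String verifyAndDecode(String token, PublicKey issuerKey) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(issuerKey);
            s.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.UTF_8));
            if (!s.verify(B64D.decode(parts[2]))) return null;
            return new String(B64D.decode(parts[1]), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair issuer = kpg.generateKeyPair();
        String token = sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}", "{\"sub\":\"alice\"}", issuer.getPrivate());
        // Tampered token: payload replaced with a bespoke one, original signature kept.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + B64.encodeToString("{\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("unverified decode accepts: " + decodeWithoutVerifying(forged));
        System.out.println("verified decode: " + verifyAndDecode(forged, issuer.getPublic()) + " / genuine: " + verifyAndDecode(token, issuer.getPublic()));
    }
}
```

The unverified decoder happily returns the substituted payload, while the verifying decoder returns null for the tampered token and the original claims for the genuine one.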