
CVE-2025-34062: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in One Identity OneLogin Active Directory Connector (ADC)

Medium
Tags: Vulnerability, CVE-2025-34062, CWE-200, CWE-522
Published: Tue Jul 01 2025 (07/01/2025, 14:49:20 UTC)
Source: CVE Database V5
Vendor/Project: One Identity
Product: OneLogin Active Directory Connector (ADC)

Description

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration.

AI-Powered Analysis

Last updated: 07/01/2025, 15:25:13 UTC

Technical Analysis

CVE-2025-34062 is an information disclosure vulnerability affecting One Identity's OneLogin Active Directory Connector (ADC) versions prior to 6.1.5. The vulnerability arises from improper protection of the /api/adc/v4/configuration endpoint, which, when accessed with a valid directory_token, returns sensitive credentials in plaintext. The directory_token itself can be obtained by an attacker through access to host registry keys or poorly secured logs, indicating that local or limited privileged access is a prerequisite. The exposed credentials include critical secrets such as API keys, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant's Single Sign-On (SSO) Identity Provider (IdP) configuration. These credentials could allow an attacker to escalate privileges, move laterally within the network, or compromise cloud resources and authentication mechanisms. The vulnerability is rated medium severity with a CVSS 4.0 score of 5.7, reflecting the requirement for some privileges (local access with low privileges) and no user interaction, but with high impact on confidentiality. There are no known exploits in the wild as of the publication date, and no patches are linked yet, indicating that organizations should prioritize mitigation and monitoring. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information) and CWE-522 (Insufficiently Protected Credentials).

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on OneLogin ADC for Active Directory integration and SSO services. Exposure of API keys and AWS IAM credentials can lead to unauthorized access to cloud infrastructure, data exfiltration, and potential disruption of services. The disclosure of JWT signing keys compromises the integrity of authentication tokens, enabling attackers to forge tokens and impersonate users or services, undermining trust in the SSO environment. This can lead to widespread access compromise across multiple systems and services. Given the increasing adoption of cloud services and identity federation in Europe, exploitation could result in regulatory non-compliance (e.g., GDPR violations due to data breaches), financial losses, and reputational damage. The requirement for local or low privileged access reduces the attack surface but does not eliminate risk, especially in environments where insider threats or lateral movement by attackers are possible.

Mitigation Recommendations

European organizations should immediately verify their OneLogin ADC versions and upgrade to version 6.1.5 or later once available. Until patches are released, restrict access to systems hosting the ADC to trusted administrators only, and audit registry and log file permissions to prevent unauthorized access to the directory_token. Implement strict monitoring and alerting for unusual access patterns to the /api/adc/v4/configuration endpoint and for any anomalous use of exposed credentials. Rotate all potentially exposed credentials, including API keys, AWS IAM keys, and JWT signing keys, to invalidate any compromised secrets. Employ network segmentation to limit lateral movement opportunities and enforce the principle of least privilege for all users and services interacting with the ADC. Additionally, conduct regular security assessments and penetration tests focusing on credential exposure and local privilege escalation vectors. Finally, ensure comprehensive logging and incident response plans are in place to quickly detect and respond to exploitation attempts.
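Two of the steps above lend themselves to a small script: confirming that an installed ADC is older than the fixed release, and reviewing access logs for requests to the configuration endpoint that did not come from the connector itself on an approved host. The following is an added example written for this page; it is not code from One Identity, OneLogin, or the analysis site. The combined-log-format line shape, the sample log lines, the allowlisted source address and the connector User-Agent prefix are all assumptions to be replaced with whatever the real deployment logs.

```python
"""Added example: version check and access-log review for CVE-2025-34062.

Hypothetical helper code, not part of One Identity's ADC or the analysis site.
The log line shape (combined log format) and the connector's User-Agent string
are assumptions; adapt the regex and constants to the logs you actually have.
"""
import re

FIXED_VERSION = "6.1.5"                       # first fixed release per the advisory
SENSITIVE_PATH = "/api/adc/v4/configuration"  # endpoint named in the advisory
EXPECTED_USER_AGENT_PREFIX = "OneLoginADC/"   # assumption: the connector's own UA

# Constructed sample access-log lines (combined log format). Not real ADC logs.
SAMPLE_LOG_LINES = [
    '10.0.5.21 - - [01/Jul/2025:14:02:11 +0000] "GET /api/adc/v4/configuration HTTP/1.1" 200 2310 "-" "OneLoginADC/6.1.4"',
    '10.0.5.21 - - [01/Jul/2025:14:07:11 +0000] "GET /api/adc/v4/directories HTTP/1.1" 200 512 "-" "OneLoginADC/6.1.4"',
    '192.168.77.9 - - [01/Jul/2025:14:09:40 +0000] "GET /api/adc/v4/configuration HTTP/1.1" 200 2310 "-" "python-requests/2.32.3"',
    '192.168.77.9 - - [01/Jul/2025:14:09:41 +0000] "GET /api/adc/v4/configuration HTTP/1.1" 200 2310 "-" "python-requests/2.32.3"',
    '10.0.5.21 - - [01/Jul/2025:14:15:00 +0000] "GET /api/adc/v4/configuration HTTP/1.1" 403 0 "-" "curl/8.5.0"',
]

# Combined log format: source, timestamp, request line, status, size, referer, UA.
_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_version(version: str) -> tuple:
    """Turn '6.1.4' into (6, 1, 4) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in version.strip().split("."))


def needs_upgrade(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed ADC version is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def parse_log_line(line: str):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None


def review_configuration_requests(lines, allowed_sources):
    """Flag requests to the configuration endpoint that do not look like the
    connector itself talking from an approved host.

    kind == 'disclosed' means the server answered 200, i.e. the plaintext
    configuration (and the credentials it carries) was returned and those
    secrets should be rotated; 'attempt' means the request was refused but
    still deserves a look.
    """
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec["path"] != SENSITIVE_PATH:
            continue
        reasons = []
        if rec["src"] not in allowed_sources:
            reasons.append("source not on allowlist")
        if not rec["ua"].startswith(EXPECTED_USER_AGENT_PREFIX):
            reasons.append("unexpected user agent")
        if not reasons:
            continue
        findings.append({
            "src": rec["src"], "ts": rec["ts"], "status": rec["status"],
            "ua": rec["ua"],
            "kind": "disclosed" if rec["status"] == "200" else "attempt",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    print("upgrade needed for 6.1.4:", needs_upgrade("6.1.4"))
    for f in review_configuration_requests(SAMPLE_LOG_LINES, {"10.0.5.21"}):
        print(f["kind"], f["src"], f["ts"], f["status"], "; ".join(f["reasons"]))
```

Versions are compared as integer tuples rather than strings, so a hypothetical 6.10.0 is correctly treated as newer than 6.1.5. Any finding of kind `disclosed` means the endpoint answered with the configuration, which is the trigger for rotating the API key, AWS IAM keys and JWT signing key named in the advisory, not merely for investigating the source.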


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.549Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6863fa286f40f0eb728fdb2e

Added to database: 7/1/2025, 3:09:28 PM

Last enriched: 7/1/2025, 3:25:13 PM

Last updated: 8/18/2025, 1:06:14 AM

