Security Advisory WSO2-2021-1524

Published: 9th May 2022

Version: 1.0.0

Severity: Medium

CVSS Score: 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)


AFFECTED PRODUCTS

WSO2 API Manager: 2.6.0, 3.0.0, 3.1.0, 3.2.0, 4.0.0
WSO2 IS as Key Manager: 5.7.0, 5.9.0, 5.10.0
WSO2 Identity Server: 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0


OVERVIEW

Improper authentication in the FIDO REST API.


DESCRIPTION

Because of improper authentication in the FIDO REST API, the FIDO API can be accessed using the username and password of a user.


IMPACT

This vulnerability affects only authentication flows that use the FIDO authenticator. In addition, to exploit it a malicious actor must already have the valid username and password of the targeted victim. With those credentials, the actor can invoke the FIDO endpoint as the victim and register malicious devices to bypass FIDO authentication.
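
For reviewing devices enrolled while a deployment was unpatched, the following added example (not WSO2 code) flags FIDO registrations that were authorised by password alone, the condition described above. The audit-record schema, the `auth` values and the sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed audit records. The schema (ts, user, action, auth, device, ip)
# is hypothetical and is not a WSO2 log format.
SAMPLE_EVENTS = """\
{"ts":"2022-03-01T09:00:00Z","user":"alice","action":"fido_register","auth":"password_only","device":"key-A","ip":"10.0.0.5"}
{"ts":"2022-03-02T08:30:00Z","user":"bob","action":"fido_register","auth":"password_only","device":"key-C","ip":"10.0.0.9"}
{"ts":"2022-03-05T10:00:00Z","user":"bob","action":"fido_register","auth":"fido_step_up","device":"key-D","ip":"10.0.0.9"}
not-json: truncated line
{"ts":"2022-03-09T02:14:00Z","user":"alice","action":"fido_register","auth":"password_only","device":"key-B","ip":"203.0.113.40"}
{"ts":"2022-03-09T02:15:00Z","user":"alice","action":"login","auth":"fido","device":"key-B","ip":"203.0.113.40"}
"""

def audit_registrations(text):
    """Return (findings, skipped): password-only FIDO enrolments and bad-line count."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1  # keep going: one damaged line must not hide the rest
    # ISO-8601 UTC timestamps sort chronologically as plain strings
    events.sort(key=lambda e: e.get("ts", ""))

    enrolled = defaultdict(set)  # user -> devices registered so far
    findings = []
    for ev in events:
        if ev.get("action") != "fido_register":
            continue
        user = ev["user"]
        if ev.get("auth") == "password_only":
            # An account that already held a key should have had to present it,
            # so a password-only enrolment on top of one is the stronger signal.
            severity = "high" if enrolled[user] else "review"
            findings.append((severity, ev["ts"], user, ev["device"], ev["ip"]))
        enrolled[user].add(ev["device"])
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = audit_registrations(SAMPLE_EVENTS)
    for finding in findings:
        print(*finding)
    print("skipped malformed lines:", skipped)
```

Devices listed in the findings are candidates for confirmation with the account owner and removal if unrecognised.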


SOLUTION

You may apply the relevant fixes to the product based on the public fixes as given below:

Note: If you are a WSO2 customer with a Support Subscription, please use WSO2 Updates to apply the fix.
