Medium severityNVD Advisory· Published Jul 1, 2025· Updated Jun 17, 2026
CVE-2025-34062
CVE-2025-34062
Description
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <6.1.5
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.