OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse() method silently discards the signature segment of the compact JWT (header.payload.signature), and the getAccessToken() methods in both OpenIdConnectApi and OpenIdConnectFullConfigurableApi only validate claim-level fields (issuer, audience, state, nonce) without any cryptographic signature verification against the Identity Provider's JWKS endpoint. This issue has been patched in version 20.2.5.
The JSONWebToken.parse() method silently discards the JWT token signature segment (header.payload.signature), thereby ignoring its cryptographic integrity. The getAccessToken() methods in OpenIdConnectApi and OpenIdConnectFullConfigurableApi classes verify only fields at the claims level (issuer, audience, state, nonce), but do not perform any signature verification against the identity provider's public key (JWKS endpoint). As a result, an attacker can craft or modify a JWT token with arbitrary claims — for example, impersonating another user or administrator — and it will be accepted by the system without any cryptographic verification.
An attacker without any privileges and without user interaction can gain full unauthorized access to other users' accounts, including administrators, leading to violation of confidentiality, integrity, and availability of data stored on the platform.
OpenOLAT should be updated to version 20.2.5 or later, where the issue has been fixed. If immediate update is not possible, consider disabling or restricting access to OpenID Connect login functionality until the patch is deployed.
OpenOLAT in versions from 10.5.4 to before 20.2.5 (configurations using OpenID Connect implicit flow)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFrentix Openolat
APPFrentix10.5.4 – 20.2.5 (bez)
Related vulnerabilities
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication....
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to ...
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a le...
OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using ...
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions pr...