CVE-2024-1524
Status: Undergoing Analysis - In Progress
BaseFortify

Publication date: 2026-02-24

Last updated on: 2026-03-03

Assigner: WSO2 LLC

Description
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), a local user store user's information may be replaced during the account provisioning process when a federated user shares the same username as a local user. There is no impact on a deployment unless every precondition below is met. Only when all of them are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control.

The deployment must have:
- An IDP configured for federated authentication with Silent JIT provisioning enabled.

The malicious actor must have:
- A fresh, valid user account in the federated IDP that has not been used earlier.
- Knowledge of the username of a valid user in the local IDP.
- An account at the federated IDP matching the targeted local username.
Meta Information
Published: 2026-02-24
Last Modified: 2026-03-03
Generated: 2026-05-07
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
3 associated CPEs

Vendor  Product          Version / Range
wso2    api_manager      from 4.2.0 (inclusive) to 4.2.0.108 (exclusive)
wso2    identity_server  from 6.0.0 (inclusive) to 6.0.0.171 (exclusive)
wso2    identity_server  from 6.1.0 (inclusive) to 6.1.0.128 (exclusive)
CWE
CWE-290: This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs when the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP). In this scenario, if a federated user shares the same username as a local user, there is a risk that the local user's information may be replaced during the account provisioning process.

The vulnerability only manifests if certain conditions are met: the deployment must have an IDP configured for federated authentication with Silent JIT provisioning enabled, and a malicious actor must have a fresh valid user account in the federated IDP, know the username of a valid local user, and have an account at the federated IDP matching that local username.


How can this vulnerability impact me?

If exploited, this vulnerability can allow a malicious actor to associate a targeted local user account with a federated IDP user account they control. This means the attacker could potentially replace or overwrite the local user's information during provisioning, leading to unauthorized access or impersonation.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the "Silent Just-In-Time Provisioning" feature is disabled unless absolutely necessary.

Verify that your deployment does not have an IDP configured for federated authentication with Silent JIT provisioning enabled.

Additionally, monitor and restrict the creation of fresh valid user accounts in the federated IDP that could match local usernames.

