QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34064

Published: Jul 1, 2025

Modified: Jul 1, 2025

PUBLISHED

Description

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.

Vendor	Product	Versions
One Identity	OneLogin Active Directory Connector (ADC)	affected `0 - < 6.1.5`

Weaknesses (CWE)

References

https://support.onelogin.com/product-notification/noti-00001768

vendor-advisory

patch

https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/

technical-description

https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.