Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAuth0 Wcf Service Jwt
APPAuth0< 1.0.4
Related vulnerabilities
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that c...
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token di...
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not...
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, t...
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19...