Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://auth0.com/docs/security/bulletins/cve-2019-7644 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-11T19:44:18
Updated: 2024-08-04T20:54:28.292Z
Reserved: 2019-02-08T00:00:00
Link: CVE-2019-7644
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-04-11T20:29:00.760
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-7644
Redhat
No data.