Security Advisory

CVE-2019-7644

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-11 19:44:18

Last updated 2024-08-04 20:54:28

Assigner mitre

State PUBLISHED

Description

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.

← Browse all CVEs View on cve.org ↗