PT-2018-12881 · Auth0 · Auth0-Aspnet-Owin+1
Kévin Chalet
·
Publicado
2018-08-29
·
Atualizado
2022-05-14
·
CVE-2018-15121
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Auth0 auth0-aspnet and auth0-aspnet-owin (affected versions not specified)
Description
An issue was discovered that leaves applications vulnerable to CSRF attacks during authentication and authorization operations. The affected packages do not use or validate the
state parameter of the OAuth 2.0 and OpenID Connect protocols.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Auth0-Aspnet
Auth0-Aspnet-Owin