Marcinhoppe

**Name of the Vulnerable Software and Affected Versions** auth0.js versions 8.0.0 through 9.12.3 auth0.js versions 8.0.0 through 9.13.1 **Description** In the case of an authentication error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. **Recommendations** For versions 8.0.0 through 9.12.3, upgrade to version 9.12.3 or later. For versions 8.0.0 through 9.13.1, upgrade to version 9.13.2 or later. As a temporary workaround, consider not storing the error object or displaying it publicly without modification to minimize the risk of password exposure.