PT-2018-12881 · Auth0 · Auth0-Aspnet-Owin+1
Kévin Chalet
·
Published
2018-08-29
·
Updated
2022-05-14
·
CVE-2018-15121
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Auth0 auth0-aspnet and auth0-aspnet-owin (affected versions not specified)
Description
An issue was discovered that leaves applications vulnerable to CSRF attacks during authentication and authorization operations. The affected packages do not use or validate the
state parameter of the OAuth 2.0 and OpenID Connect protocols.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Auth0-Aspnet
Auth0-Aspnet-Owin