PT-2020-21506 — Improper Authentication in Laravel Express-Laravel-Passport

PT-2020-21506 · Laravel · Express-Laravel-Passport

Published

2020-09-04

Updated

2020-09-04

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions express-laravel-passport versions prior to 2.0.5

Description The issue allows attackers to bypass authentication by impersonating other users due to the package's failure to properly validate JWTs. This can be achieved by sending HTTP requests.

Recommendations Upgrade to version 2.0.5 or later.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

GHSA-V66P-W7QX-WV98

Affected Products

Express-Laravel-Passport

PT-2020-21506 · Laravel · Express-Laravel-Passport

Weakness Enumeration

Related Identifiers

Affected Products

References · 3