[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Authentication Bypass Vulnerability in the Auth0 Identity Platform

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Authentication Bypass Vulnerability in the Auth0 Identity Platform
From: Nahuel Grisolia <nahuel@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 4 Apr 2018 14:39:02 -0300

Six months ago we discovered an Authentication Bypass Vulnerability in the 
Auth0 platform. After working with them, today, we can disclose the full 
details:

https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5 
<https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5>

"With more than 2000 enterprise customers and managing 42 million logins every 
single day, Auth0 is one of the biggest Identity Platforms. In this post we 
will tell the story of how we, at Cinta Infinita, found an Authentication 
Bypass Vulnerability that affected any application using Auth0 (for username 
and password authentication) in the context of an independent non-profitable 
research.
We will demonstrate the flaw attacking the Auth0 Management Console (used as 
one exploitable example application).”

Kindest regards,

Nahuel Grisolía
Cinta Infinita - Founder / CEO
http://cintainfinita.com
https://www.linkedin.com/in/nahuelgrisolia


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] Massive Breach in Panera Bread
Next by Date: [FD] DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability
Previous by thread: [FD] [FIXED TYPO **] CVE-2018-9233 Sophos Endpoint Protection Control Panel v10.7 / Insecure Crypto
Next by thread: [FD] DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability
Index(es):
- Date
- Thread