Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Auth0 Auth0-WCF-Service-JWT Authorization Issue Vulnerability
Vulnerability Description
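Auth0 Auth0-WCF-Service-JWT is a software package from the US company Auth0 that extracts and validates JWTs from the Authorization header. Versions of Auth0 Auth0-WCF-Service-JWT before 1.0.4 contain a security vulnerability: when the JWT signature cannot be successfully validated, the program displays sensitive information about the correct signature in the error message. An attacker can exploit this vulnerability to forge arbitrary JWT tokens.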
CVSS Information
N/A
Vulnerability Type
N/A
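The flaw class described above, shown as an added example that is not Auth0's code: a generic HS256-style verifier in Python (a stand-in for the package's .NET implementation) whose error text carries the computed signature, next to a hardened form, plus a regression check a maintainer can run against any validator. The key, token, function names and error wording are all constructed for this illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed key, for this example only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample: header and payload of a token, without the signature part.
SIGNING_INPUT = b64url(b'{"alg":"HS256","typ":"JWT"}') + "." + b64url(b'{"sub":"demo"}')

class InvalidToken(Exception):
    pass

def expected_signature(signing_input: str, key: bytes = SECRET) -> str:
    return b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def validate_leaky(token: str, key: bytes = SECRET) -> None:
    """Flawed pattern: the exception text includes the value the verifier computed."""
    signing_input, _, presented = token.rpartition(".")
    expected = expected_signature(signing_input, key)
    if presented != expected:
        raise InvalidToken(f"Invalid signature. Expected {expected} got {presented}")

def validate_hardened(token: str, key: bytes = SECRET) -> None:
    """Constant-time comparison; the error names no signature material."""
    signing_input, _, presented = token.rpartition(".")
    expected = expected_signature(signing_input, key)
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        raise InvalidToken("Token validation failed")

def error_text(validator, token: str) -> str:
    """Return the validator's error message, or '' if the token is accepted."""
    try:
        validator(token)
    except InvalidToken as exc:
        return str(exc)
    return ""

def leaks_signature(validator, token: str, key: bytes = SECRET) -> bool:
    """Regression check: does a rejection message contain the correct signature?"""
    signing_input = token.rpartition(".")[0]
    return expected_signature(signing_input, key) in error_text(validator, token)

if __name__ == "__main__":
    bad_token = SIGNING_INPUT + ".AAAA"  # constructed token with a wrong signature
    print("leaky validator leaks:   ", leaks_signature(validate_leaky, bad_token))
    print("hardened validator leaks:", leaks_signature(validate_hardened, bad_token))
```

The same check applies to whatever layer finally renders the error (fault message, HTTP body, log line returned to the caller), since the leak matters wherever the text reaches the requester.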