Authentication Bypass Vulnerability in the Auth0 Identity Platform

[Nahuel Grisolia <nahuel () cintainfinita com ar>]

Six months ago we discovered an Authentication Bypass Vulnerability in the Auth0 platform. After working with them, 
today, we can disclose the full details:

https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5 
<https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5>

"With more than 2000 enterprise customers and managing 42 million logins every single day, Auth0 is one of the biggest 
Identity Platforms. In this post we will tell the story of how we, at Cinta Infinita, found an Authentication Bypass 
Vulnerability that affected any application using Auth0 (for username and password authentication) in the context of an 
independent non-profitable research.
We will demonstrate the flaw attacking the Auth0 Management Console (used as one exploitable example application).”

Kindest regards,

Nahuel Grisolía
Cinta Infinita - Founder / CEO
http://cintainfinita.com
https://www.linkedin.com/in/nahuelgrisolia


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/