Six months ago we discovered an Authentication Bypass Vulnerability in the 
Auth0 platform. After working with them, today, we can disclose the full 
details:

https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5 
<https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5>

"With more than 2000 enterprise customers and managing 42 million logins every 
single day, Auth0 is one of the biggest Identity Platforms. In this post we 
will tell the story of how we, at Cinta Infinita, found an Authentication 
Bypass Vulnerability that affected any application using Auth0 (for username 
and password authentication) in the context of an independent non-profitable 
research.
We will demonstrate the flaw attacking the Auth0 Management Console (used as 
one exploitable example application).”

Kindest regards,

Nahuel Grisolía
Cinta Infinita - Founder / CEO
http://cintainfinita.com
https://www.linkedin.com/in/nahuelgrisolia


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Reply via email to