RSS   Vulnerabilities for 'Aspnet'   RSS

2018-08-28
 
CVE-2018-15121

CWE-352
 

 
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

 

 >>> Vendor: Auth0 3 Products
Auth0.js
Aspnet
Aspnet-owin


Copyright 2018, cxsecurity.com

 

Back to Top