Launch Week Day 1: Announcing Security Design Review

Cross-Site Request Forgery (CSRF) in Auth0

GHSA-wv26-rj8c-4r33 · CVE-2018-6874

Published Nov 6, 2018 · Modified Nov 8, 2023

Description

CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes