Auth0-WCF-Service-JWT is vulnerable to information disclosure. The JWT signature is revealed in an error message when the JWT signature validation fails, allowing attackers to abuse the erroneous behavior to obtain and forge valid signatures for arbitrary tokens and bypass authentication and authorization mechanisms.
CPE | Name | Operator | Version |
---|---|---|---|
auth0-wcf-service-jwt | le | 1.0.3 |