#VU27007 Insufficiently protected credentials in auth0.js - CVE-2020-5263

 


Published: April 17, 2020


Vulnerability identifier: #VU27007
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-5263
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: auth0.js
Software vendor: auth0 on WordPress

Description

The vulnerability allows a remote user to gain access to sensitive information on the system.

The vulnerability exists because the error object returned by the library contains the user's original request, which may include the plaintext password the user entered. A remote administrator can gain access to sensitive information on the target system.
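
The following is an added example, not code from the advisory or from auth0.js: a scrubber that masks password-like fields in an error object before it is logged or forwarded to an error tracker. The error shape, the field names (`original`, `response`, `req`, `data`, `rawBody`), the URL and the `scrubError` helper are all assumptions constructed for illustration.

```javascript
// Key names treated as secrets (assumed list; extend for your application).
const SENSITIVE = /(password|passwd|pwd|secret|token)/i;

// Return a deep copy of `value` that is safe to log: sensitive keys are
// masked, JSON bodies stored as strings are parsed and scrubbed, and
// already-visited objects (circular request/response links) are cut.
function scrubError(value, seen = new WeakSet()) {
  if (typeof value === 'string') {
    const t = value.trim();
    if (t.startsWith('{') || t.startsWith('[')) {
      try {
        return JSON.stringify(scrubError(JSON.parse(t), seen));
      } catch (e) { /* not JSON, fall through and keep the string */ }
    }
    return value;
  }
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[Circular]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => scrubError(v, seen));
  const out = {};
  // name/message are not enumerable on Error, so copy them explicitly.
  if (value instanceof Error) { out.name = value.name; out.message = value.message; }
  for (const key of Object.keys(value)) {
    out[key] = SENSITIVE.test(key) ? '[REDACTED]' : scrubError(value[key], seen);
  }
  return out;
}

// Constructed sample: a login error that carries the original request.
function sampleError() {
  const err = new Error('invalid_grant');
  const req = {
    url: 'https://tenant.example/oauth/token',
    data: { username: 'alice@example.com', password: 'hunter2' },
    rawBody: '{"username":"alice@example.com","password":"hunter2"}',
  };
  const res = { status: 403, req };
  req.res = res;                 // circular link between request and response
  err.original = { response: res };
  return err;
}

console.log(JSON.stringify(scrubError(sampleError()), null, 2));
```

Logging `err` directly in this sample would write `hunter2` twice, once from the parsed body and once from the raw body string; the scrubbed copy contains neither.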


Remediation

Install updates from vendor's website.
