Insufficiently protected credentials in auth0.js - CVE-2020-5263

 


Published: April 17, 2020


Vulnerability identifier: #VU27007
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-5263
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: auth0 on WordPress
Affected software:
auth0.js

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information on the system.

The vulnerability exists because the error object returned by the library contains the user's original request, which may include the plaintext password the user entered. A remote administrator can gain access to sensitive information on the target system.
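The following is an added example, not code from auth0.js or from this advisory: a redaction step that masks password-like fields in an error object before it is serialized for logging. The error shape, the field names and the `redact`, `toLogLine` and `sampleError` helpers are assumptions made for illustration.

```javascript
// Added example. The key pattern and the sample error shape are assumptions,
// not the actual structure produced by auth0.js.
const SENSITIVE_KEY = /password|passwd|secret|token/i;

// Return a deep copy of `value` with sensitive properties masked.
// Handles nested objects, arrays, Error instances and circular references.
function redact(value, ancestors = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[Circular]'; // object is its own ancestor
  ancestors.add(value);

  const copy = Array.isArray(value) ? [] : {};

  // name/message/stack on an Error are not enumerable, so add them explicitly.
  const keys = new Set(Object.keys(value));
  if (value instanceof Error) {
    for (const k of ['name', 'message', 'stack']) keys.add(k);
  }

  for (const key of keys) {
    copy[key] = SENSITIVE_KEY.test(key)
      ? '[REDACTED]'
      : redact(value[key], ancestors);
  }

  ancestors.delete(value); // allow the same object to appear in sibling branches
  return copy;
}

// Serialize an error for logging only after redaction.
function toLogLine(err) {
  return JSON.stringify(redact(err));
}

// Constructed sample: an error that embeds the user's original request.
function sampleError() {
  const err = new Error('login failed');
  err.original = {
    request: { body: { username: 'alice', password: 'hunter2' } },
  };
  err.original.self = err.original; // circular reference, as request objects often have
  return err;
}

console.log(toLogLine(sampleError()));
```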


How to mitigate CVE-2020-5263

Install updates from vendor's website.
