1 Apr 2019
15 Feb 2019
Conny Dahlgren, Security Researcher at DevilSec AB
How to fix?
Upgrade Auth0-WCF-Service-JWT to version 1.0.4 or higher.
Auth0-WCF-Service-JWT is a WCF ServiceAuthorizationManager that extracts the bearer JWT from the Authorization header, validates it, and then sets the principal to a ClaimsPrincipal.
Affected versions of this package are vulnerable to JWT Token Exposure. The library leaked a token signature in an error message which would allow an attacker to forge an arbitrary JWT token.
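The error-handling pattern behind this class of bug, shown beside a corrected form. This is an added illustration, not code from Auth0-WCF-Service-JWT; the class, method names, key, token and message wording are all constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Illustrative HS256 check; not the Auth0-WCF-Service-JWT source. All names are hypothetical.
static class JwtSignatureCheck
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string Sign(string signingInput, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return B64Url(hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput)));
    }

    // Compares every character so timing does not reveal the first mismatch.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Weak pattern: the exception text carries the signature the server computed.
    public static void ValidateLeaky(string token, byte[] key)
    {
        var p = token.Split('.');
        if (p.Length != 3) throw new ArgumentException("Malformed token.");
        var expected = Sign(p[0] + "." + p[1], key);
        if (expected != p[2])
            throw new UnauthorizedAccessException("Invalid signature. Expected " + expected);
    }

    // Corrected pattern: fixed-time comparison and a message with no computed value.
    public static void ValidateSafe(string token, byte[] key)
    {
        var p = token.Split('.');
        if (p.Length != 3 || !FixedTimeEquals(Sign(p[0] + "." + p[1], key), p[2]))
            throw new UnauthorizedAccessException("Token validation failed.");
    }

    static void Main()
    {
        var key = Encoding.ASCII.GetBytes("constructed-demo-key"); // constructed sample key
        var token = B64Url(Encoding.ASCII.GetBytes("{\"alg\":\"HS256\"}")) + "."
                  + B64Url(Encoding.ASCII.GetBytes("{\"sub\":\"demo\"}")) + ".AAAA";
        try { ValidateLeaky(token, key); } catch (Exception e) { Console.WriteLine("leaky: " + e.Message); }
        try { ValidateSafe(token, key); } catch (Exception e) { Console.WriteLine("safe:  " + e.Message); }
    }
}
```

Any value derived from the signing key belongs, at most, in access-controlled server-side logs, never in a fault or response returned to the caller.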