"Auth0 Subdomain Flaw Puts Users at Risk"
Security researcher Daniel Svartman of Imperva discovered a flaw in the subdomain naming system in Auth0, an identity-as-a-service that provides subdomain names for approximately 2000 customers. The flaw allows an attacker to use the same subdomain name as the legitimate website in a different region, giving way for unsuspecting users to hand over sensitive information. This article further discusses the flaw, how attackers can exploit it, and what Auth0 is doing to mitigate those risks.
Submitted by Anonymous
on