A critical vulnerability has been found in the Auth0-PHP SDK that could let attackers bypass authentication by brute-forcing session cookie tags.
Auth0-PHP Vulnerability
It affects version 8.0.0-BETA1 and newer when using the CookieStore setting for session management. The issue lies in how the SDK secures session cookies—attackers can exploit weak authentication tags to forge valid sessions and gain unauthorized access.
Okta (Auth0’s parent company) has released a fix in version 8.14.0 and urges all users to update immediately. If left unpatched, attackers could hijack user sessions, access sensitive data, or perform unauthorized actions.
This flaw breaks the trust between the client and server in affected apps, making it a high-priority security issue.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment