Auth0 Glitch Allows Attackers to Launch Phishing Attacks

June 7, 2018


Researchers are warning of a glitch in the Auth0 identity-as-a-service offering, which could allow bad actors to spoof a legitimate website and collect sensitive information from visitors.

Researchers at Imperva on Tuesday found that the subdomain names of Auth0 are susceptible to security issues, allowing attackers to launch phishing attacks, harvest user credentials, or even possibly launching cryptomining attacks.

Auth0 after this article was originally published reached out to deny and call into question Imperva’s blog post, citing “factual inaccuracies” within the blog.

Read More on Threat Post