Okta's NextJS-OAuth troubles


In October, I reported two security issues to Okta’s auth0/nextjs-auth0 project, here and here. The latter bug, an OAuth parameter injection, allows for a range of types of abuse, like scoping tokens for unintended services, setting redirect_uri and scope to arbitrary values to leak tokens, and so on.
