Improper Authentication Affecting authmagic-timerange-stateless-core package, versions *
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-AUTHMAGICTIMERANGESTATELESSCORE-674658
- published 16 Sep 2020
- disclosed 16 Sep 2020
- credit ermilov
How to fix?
There is no fixed version for authmagic-timerange-stateless-core
.
Overview
authmagic-timerange-stateless-core is a
Affected versions of this package are vulnerable to Improper Authentication. The module is defined to handle authentication but does not validate the JWT token sent by the user when reissuing a new token (POST request to /token
endpoint). Therefore it allows modifying payload within the token and also reissuing new token which will be signed by the system and become valid. This weakness provides an opportunity to forge the user's identity by changing the information inside the token's payload that is used to authenticate the client