n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss.

A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has

How to Become a Person After Smartphones Have Rotted Your Brain

How to Become a Person After Smartphones Have Rotted Your Brain Source: Hacker News

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations An Iranian hacking group affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented