Diamond Member ThaHaka 0 Posted 19 hours ago Diamond Member Share Posted 19 hours ago This is the hidden content, please Sign In or Sign Up n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never This is the hidden content, please Sign In or Sign Up 0 Quote Link to comment https://hopzone.eu/forums/topic/321865-h4ckn3wsn8n-token-exchange-flaw-could-let-attackers-log-in-as-users-from-another-issuer/ Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.