Authentication Bypass
Description

@strapi/plugin-users-permissions is vulnerable to Authentication Bypass. When the `AWS Cognito` login provider is used for authentication, the library does not verify the access or ID tokens produced during the `OAuth` flow. A remote attacker can therefore impersonate any `AWS Cognito` user by fabricating an ID token that declares the `None` signing algorithm (i.e., carries no signature), bypassing authentication.

