A critical authentication bypass vulnerability has been discovered in Auth0, one of the largest identity-as-a-service platforms. Researchers from the security firm Cinta Infinita found a flaw (CVE-2018-6873) in Auth0's Legacy Lock API that stems from improper validation of the JWT audience (aud) claim, so a token issued for one audience could be accepted by another. Auth0 mitigated the issue by extensively rewriting the affected libraries and releasing new versions of its SDKs (auth0.js 9 and Lock 11). The company acted quickly, addressing the weakness in less than 4 hours.
Source: https://thehackernews.com/2018/04/auth0-authentication-bypass.html