#account takeover

Security & Privacy

Auth0 Symfony SDK's Weak Cookie Encryption Opens Door to Account Takeovers

Auth0's Symfony SDK has a nasty entropy bug that turns session cookies into child's play for brute-forcers. One forged cookie, and boom – your users' accounts are theirs.