The author found out that the HTTP endpoint used to generate a JWT token would accept any email and respond with a valid JWT token for that email address.
He could literally send a POST request to that endpoint with arbitrary email addresses and get a valid JWT.
This is clearly explained under the "BUG" section.
That part I understand. It’s unclear to me which auth endpoint(s) and auth flow(s) are affected. Is it the token endpoint, or the auth endpoint? Or is it somewhere in the login flow before the user agent is redirected to the token endpoint?
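The flaw described in the first comment, as an added example that is not part of the thread or of the write-up it discusses: a token handler that signs a JWT for whatever email the POST body contains, beside a variant that first requires proof of control over the address. The function names, the one-time-code scheme, the signing key and the sample data are all assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # constructed value; real keys are never hard-coded
# Constructed server-side state: one-time login codes already mailed to each address.
PENDING_CODES = {"alice@example.com": "493027"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_jwt(claims: dict) -> str:
    """Minimal HS256 JWT signer (stdlib only, enough for the demonstration)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def subject_of(token: str) -> str:
    """Decode the payload segment and return its 'sub' claim."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))["sub"]

def token_endpoint_vulnerable(body: dict) -> str:
    # The flaw described above: the email in the POST body is trusted as the
    # caller's identity, with no proof that the caller controls that mailbox.
    return sign_jwt({"sub": body["email"], "iat": int(time.time())})

def token_endpoint_hardened(body: dict) -> str:
    # A token is issued only when the caller presents the one-time code the
    # server stored for that address; the code is consumed on success.
    email = body.get("email", "")
    expected = PENDING_CODES.get(email)
    supplied = str(body.get("code", ""))
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise PermissionError("authentication required before token issuance")
    del PENDING_CODES[email]
    return sign_jwt({"sub": email, "iat": int(time.time())})
```

The point of comparison is where the `sub` claim gets its authority: in the first handler from the request body alone, in the second from state the server established before the request arrived.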