Hi Team,
I hope you're doing well. I'm reaching out because I've encountered some high security vulnerabilities in my Next.js project, specifically related to NextAuth. Here are the details:
Next.js Version: ^13.4.12
NextAuth Version: ^4.10.3
Upon scanning my application with ZAP scanner, I've identified a couple of high-security vulnerabilities. Following are the details:
Name                           Risk Level   Number of Instances
None Hashing Algorithm Attack  High         3
Path Traversal                 High         1

Name: Path Traversal
URL: https://localhost:3000/api/auth/signin/keycloak
Method: POST
Attack: /keycloak
Instances: 1

Name: None Hashing Algorithm Attack
URL: https://localhost:3000/?auth_callback=1&state=d86b66b6-b8c8-4639-b98f-e207dab40d11&session_sta
Method: GET
Attack: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJleHAiOjE3MTUwNzI0MjQsImlhdCI6MTcxNTA2ODgyNCwiYXV0aF90aW1lIjoxNzE1MDY4OD
I believe they might be related to how I've implemented NextAuth in my project. Below, I've provided the relevant code snippets for [...nextauth].ts and middleware:
[...nextauth].ts:
middleware.ts:
I'm seeking guidance on how to address these vulnerabilities and ensure the security of my Next.js application using NextAuth. Any insights, best practices, or suggestions you can provide would be greatly appreciated.
Thank you in advance for your help!
Best Regards,
Biswajit