CyberSecurity News
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
AI summary
A vulnerability in the n8n workflow automation platform allowed attackers to log in as users from a different issuer. The issue occurred in Enterprise instances that trusted multiple external token issuers, where the platform matched incoming JWT tokens to local users based solely on the sub claim, ignoring the issuer. This meant that a valid token from one issuer could be used to log in as a user from another issuer if the sub claim matched. As a result, an attacker could gain access to an account without knowing the password. The flaw enabled unauthorized access to accounts by exploiting the token exchange mechanism.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

