Para Facebook Authentication Logging Vulnerability Exposing Access Tokens

Vulnerability

Para versions prior to 1.50.8 log sensitive information during Facebook authentication. Specifically, when a request to retrieve a user's profile fails, the access token is written to the log at WARN level, in plain text. This exposure is concerning because such logs are typically retained in production environments and can be accessed by operators or log aggregation systems.

Impact

The vulnerability leads to the unintentional exposure of Facebook access tokens in application logs, where they can be accessed by operators or through log aggregation systems.

Remediation

Users can upgrade to Para version 1.50.8 or later to address this vulnerability.
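
Logs retained from before the upgrade can still contain tokens. The following added example (not part of the original advisory and not Para's code) scans log lines for leaked tokens, redacts them, and reports a fingerprint per distinct token so each one can be tracked for revocation without copying it again. It assumes the token appears as an access_token=<value> parameter in the logged request; the sample lines, their format and the token values are constructed.

```python
import hashlib
import re

# Assumption: the token is logged as an access_token=<value> query parameter.
TOKEN_RE = re.compile(r"(access_token=)([^&\s\"']+)", re.IGNORECASE)

# Constructed sample lines; this is not Para's actual log format.
SAMPLE_LOG = """\
2025-08-30 10:01:12 [WARN ] Facebook auth request failed: GET https://graph.facebook.com/me?fields=name,email&access_token=EAAconstructedTOKEN0001
2025-08-30 10:01:15 [INFO ] User signed in with provider facebook
2025-08-30 10:02:40 [WARN ] Facebook auth request failed: GET https://graph.facebook.com/me?fields=name,email&access_token=EAAconstructedTOKEN0002&debug=all
2025-08-30 10:03:02 [WARN ] Facebook auth request failed: GET https://graph.facebook.com/me?fields=name,email&access_token=EAAconstructedTOKEN0001
2025-08-30 10:04:00 [WARN ] Cache miss for key app:settings
"""


def fingerprint(token):
    """Short SHA-256 prefix: identifies a token without storing its value."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def scan(lines):
    """Return (redacted_lines, findings).

    findings maps a token fingerprint to the 1-based line numbers where
    that token was found, so repeated leaks of one token are grouped.
    """
    redacted, findings = [], {}
    for lineno, line in enumerate(lines, start=1):
        def _mask(match, lineno=lineno):
            fp = fingerprint(match.group(2))
            findings.setdefault(fp, []).append(lineno)
            return f"{match.group(1)}[REDACTED sha256:{fp}]"
        # Lines without a token pass through unchanged.
        redacted.append(TOKEN_RE.sub(_mask, line))
    return redacted, findings


if __name__ == "__main__":
    clean, found = scan(SAMPLE_LOG.splitlines())
    for fp, where in found.items():
        print(f"token sha256:{fp} leaked on lines {where}")
    print("\n".join(clean))
```
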

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 5.9
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.