AuthKit for Next.js Anti-Caching Header Vulnerability Allowing Session Token Leakage
Vulnerability
A vulnerability exists in the AuthKit library for Next.js, affecting versions through 2.11.0. Authenticated responses lack proper anti-caching headers. In environments where CDN caching is enabled, this oversight can lead to session tokens being stored in cached responses and served to multiple users. Next.js applications on Vercel are generally unaffected, but those that manually enable CDN caching on authenticated paths could experience this issue.
Impact
This vulnerability can cause session tokens to be cached and potentially exposed to unauthorized users, allowing them to hijack another user's session.
Remediation
The vulnerability has been patched in AuthKit version 2.11.1, which adds the necessary anti-caching headers to all authenticated responses. Users should update to this version and review their application's caching policies to ensure sensitive information is not improperly cached.
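One way to review responses for the condition described above, as an added example that is not AuthKit's code: it flags any response that sets a cookie while leaving a shared cache free to store it. Treating `no-store` and `private` as the safe directives follows standard HTTP caching semantics and is an assumption here, since the advisory does not list the exact headers the patch adds; the sample responses are constructed.

```javascript
// Added example: flags responses that set a cookie but may be stored by a CDN.
// Header names are standard HTTP; the sample responses are constructed.

// Parse a Cache-Control style value into a set of lowercase directive names.
function directives(value) {
  return new Set(
    (value || "")
      .split(",")
      .map((d) => d.trim().split("=")[0].toLowerCase())
      .filter(Boolean)
  );
}

// Returns "ok", "cacheable" (explicitly storable by a shared cache) or
// "unspecified" (no directive stops a CDN from caching by its own rules).
function auditResponse(headers) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = value;
  }
  if (!("set-cookie" in lower)) return "ok";

  // A targeted CDN-Cache-Control field (RFC 9213) overrides Cache-Control
  // for CDN caches, so it decides the outcome when present.
  const d = directives(lower["cdn-cache-control"] ?? lower["cache-control"]);

  // Only no-store and private keep a shared cache from storing the response;
  // no-cache alone still permits storage.
  if (d.has("no-store") || d.has("private")) return "ok";
  if (d.has("public") || d.has("s-maxage") || d.has("max-age")) return "cacheable";
  return "unspecified";
}

const COOKIE = "session=CONSTRUCTED_PLACEHOLDER; HttpOnly; Secure";
const samples = [
  { "Set-Cookie": COOKIE, "Cache-Control": "public, s-maxage=60" },
  { "Set-Cookie": COOKIE },
  { "Set-Cookie": COOKIE, "Cache-Control": "private, no-store, max-age=0" },
  { "Set-Cookie": COOKIE, "Cache-Control": "no-store", "CDN-Cache-Control": "max-age=300" },
];
for (const s of samples) console.log(auditResponse(s), JSON.stringify(s));
```

Any result other than "ok" on an authenticated path is worth checking against the CDN's caching rules for that path.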
