Maze Code found a Langfuse SSO bug. Are you affected? Find out how to fix it.
ID: 5010988a-9af5-5a0b-8fea-68c420e733f6
STIX ID: report--5010988a-9af5-5a0b-8fea-68c420e733f6
Feed Name: Blog – Maze
### Executive summary Maze Code found and validated an authentication-bypass vulnerability in Langfuse where the environment-based SSO enforcement was not applied to the email OTP (password-reset) sign-in path; on self-hosted instances with AUTH_DOMAINS_WITH_SSO_ENFORCEMENT set and SMTP configured (and in some Cloud configurations lacking per-domain SSO), an attacker who controls an existing account's mailbox can obtain a full session. The report gives code-level analysis, exploitation conditions, recommended mitigations (upgrade to v3.174.0, revoke mailboxes at offboarding, or disable SMTP), and the minimal code guard added to fix the issue.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
