CVE-2016-7037

Name of the Vulnerable Software and Affected Versions jwt versions prior to 1.0.3

Description The issue concerns a timing attack that can be used to spoof signatures. This is due to the verify function in Encryption/Symmetric.php not utilizing a timing-safe function for hash comparison, allowing attackers to exploit this weakness.

Recommendations For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.