PT-2018-6764 · Authentikat · Authentikat-Jwt
Anfedorov · Published 2018-03-18 · Updated 2019-10-03 · CVE-2017-18239
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
authentikat-jwt versions 0.4.5 and earlier
Description:
A non-constant-time equality check on the JWT signature in the JsonWebToken.validate method lets the supplier of a token guess the signature bit by bit by repeating validation requests and observing how long each one takes.
Recommendations:
For versions 0.4.5 and earlier, consider disabling the JsonWebToken.validate method until a patch is available. Restrict access to the JsonWebToken validation process to minimize the risk of exploitation, and avoid relying on JsonWebToken validation for critical authentication until the issue is resolved.
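The defect class described above (an early-exit byte comparison of the supplied signature against the expected HMAC) and the fix (a comparison whose running time does not depend on where the first mismatch lies) are illustrated below. This is an added Python sketch written for this page; it is not code from authentikat-jwt, which is a Scala library, and the key, claims and function names are constructed for the example. The `bytes_examined` count returned by the leaky comparison stands in for the response time a remote caller would measure: it grows with the length of the correctly guessed prefix, which is exactly what the advisory's "bit by bit" guessing exploits, while `hmac.compare_digest` examines every byte regardless.

```python
import base64
import hashlib
import hmac
import json
from typing import Tuple

# Constructed demo key for this example only; not a value from the advisory.
DEMO_KEY = b"demo-key-not-from-advisory"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT: base64url(header).base64url(claims).base64url(sig)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def _expected_and_supplied(token: str, key: bytes) -> Tuple[bytes, bytes]:
    """Recompute the HMAC over header.claims and decode the signature the caller sent."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    signing_input = (header_b64 + "." + claims_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return expected, b64url_decode(sig_b64)


def leaky_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison, the pattern the advisory describes.
    Returns (equal, bytes_examined). bytes_examined models response time:
    it grows with the matching prefix, so each correct byte is confirmed
    by a measurably slower answer."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def validate_leaky(token: str, key: bytes) -> Tuple[bool, int]:
    """Vulnerable validation: the verdict plus the leaked work count."""
    expected, supplied = _expected_and_supplied(token, key)
    return leaky_equal(expected, supplied)


def validate_constant_time(token: str, key: bytes) -> bool:
    """Hardened validation: hmac.compare_digest inspects every byte no
    matter where the first mismatch is, so timing no longer reveals how
    much of the signature the caller got right."""
    expected, supplied = _expected_and_supplied(token, key)
    return hmac.compare_digest(expected, supplied)


def token_with_matching_prefix(token: str, key: bytes, prefix_len: int) -> str:
    """Constructed test input: a token whose signature agrees with the real
    one for prefix_len bytes and differs in every remaining byte. Feeding
    such inputs to both validators shows which one leaks the prefix length."""
    header_b64, claims_b64, _ = token.split(".")
    real, _ = _expected_and_supplied(token, key)
    altered = real[:prefix_len] + bytes(b ^ 0xFF for b in real[prefix_len:])
    return header_b64 + "." + claims_b64 + "." + b64url_encode(altered)


if __name__ == "__main__":
    tok = sign_hs256({"sub": "alice"}, DEMO_KEY)
    for n in (0, 8, 31):
        probe = token_with_matching_prefix(tok, DEMO_KEY, n)
        print(n, validate_leaky(probe, DEMO_KEY), validate_constant_time(probe, DEMO_KEY))
```

Run as a script, the leaky validator reports 1, 9 and 32 bytes examined for the three probes (the prefix length plus one), while the constant-time validator reports only False for each; in a real deployment the equivalent defence on the JVM is `MessageDigest.isEqual`, and the detection signal on the wire is a burst of validation requests for the same header and claims with signatures that differ only in their tails.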
Fix
Related identifiers
Affected products
Authentikat-Jwt