PT-2018-9435 · Auth0 · Json-Jwt
Reedloden
·
Publicado
2018-06-26
·
Atualizado
2018-09-02
·
CVE-2018-1000539
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
json-jwt versions 0.5.0 through 1.9.3
Description
The issue is related to the decryption of AES-GCM encrypted JSON Web Tokens, where an improper verification of cryptographic signatures can occur, allowing an attacker to forge an authentication tag. This can be exploited via network connectivity.
Recommendations
For json-jwt versions 0.5.0 through 1.9.3, update to version 1.9.4 or later to resolve the issue.
Exploit
Correção
Improper Verification of Cryptographic Signature
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Json-Jwt