PT-2024-20804 · Libjwt · Libjwt

P3Ngu1Nw · Published 2024-02-08 · Updated 2025-11-18 · CVE-2024-25189

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

libjwt version 1.15.3

Description

The issue arises from the use of strcmp to verify authentication, which is not a constant-time operation. This makes it easier for attackers to bypass authentication via a timing side channel.

Recommendations

For libjwt version 1.15.3, consider updating to a version that uses constant-time string comparison to mitigate the risk of timing side-channel attacks.
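
The difference between the two comparison styles, as an added example that is not libjwt's code: sig_equal_strcmp shows the early-exit pattern the description refers to, and sig_equal_ct is a constant-time replacement. Both function names and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit pattern described in the advisory: strcmp() stops at the first
 * differing byte, so its run time tracks how much of the presented value
 * matches the expected one. */
int sig_equal_strcmp(const char *expected, const char *presented)
{
    return strcmp(expected, presented) == 0;
}

/* Constant-time replacement (hypothetical helper, not a libjwt function).
 * Lengths are treated as public, since a MAC's encoded length is fixed by
 * the algorithm; only the byte contents are secret. */
int sig_equal_ct(const char *expected, size_t expected_len,
                 const char *presented, size_t presented_len)
{
    const volatile unsigned char *e = (const volatile unsigned char *)expected;
    const volatile unsigned char *p = (const volatile unsigned char *)presented;
    size_t n = expected_len < presented_len ? expected_len : presented_len;
    unsigned char diff = (unsigned char)(expected_len != presented_len);
    size_t i;

    /* Accumulate differences with OR; no branch depends on the byte values. */
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(e[i] ^ p[i]);

    return diff == 0;
}

int main(void)
{
    /* Constructed sample values, not real signatures. */
    const char *expected = "c2FtcGxlLXNpZ25hdHVyZS12YWx1ZQ";
    const char *bad_head = "X2FtcGxlLXNpZ25hdHVyZS12YWx1ZQ";
    const char *bad_tail = "c2FtcGxlLXNpZ25hdHVyZS12YWx1ZA";
    size_t len = strlen(expected);

    printf("match:     %d\n", sig_equal_ct(expected, len, expected, len));
    printf("bad first: %d\n", sig_equal_ct(expected, len, bad_head, len));
    printf("bad last:  %d\n", sig_equal_ct(expected, len, bad_tail, len));
    return 0;
}
```

Where the code base already links a crypto library, its vetted primitive (for example OpenSSL's CRYPTO_memcmp) is preferable to a hand-written loop.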

Exploit

Fix

Side Channel Attack


Weakness Enumeration

Related Identifiers

CVE-2024-25189
DLA-3739-1

Affected Products

Libjwt