PT-2024-20806 · L8W8Jwt · L8W8Jwt

P3Ngu1Nw · Published 2024-02-08 · Updated 2024-08-19 · CVE-2024-25190

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

l8w8jwt version 2.2.1

Description

The issue arises from the use of memcmp to verify authentication, which is not constant time. This makes it easier to bypass authentication via a timing side channel.

Recommendations

For l8w8jwt version 2.2.1, consider using a constant-time comparison function to verify authentication as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
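
An added example, not l8w8jwt's own code: a constant-time byte comparison of the kind the recommendation refers to, shown next to the memcmp pattern from the description. The function names and the 8-byte sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values (not real signatures). */
static const unsigned char SAMPLE_EXPECTED[8]  = {0x3a,0x91,0x5c,0x07,0xe2,0x44,0xb8,0x1f};
static const unsigned char SAMPLE_FIRST_BAD[8] = {0x00,0x91,0x5c,0x07,0xe2,0x44,0xb8,0x1f};
static const unsigned char SAMPLE_LAST_BAD[8]  = {0x3a,0x91,0x5c,0x07,0xe2,0x44,0xb8,0x00};

/* Constant-time equality: every byte is always examined and the differences
 * are OR-ed together, so the loop runs len iterations wherever a mismatch is.
 * volatile discourages the compiler from reintroducing an early exit. */
static int ct_equal(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = a;
    const volatile unsigned char *pb = b;
    unsigned char diff = 0;

    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff == 0;
}

/* Hypothetical helper: compare the signature the verifier computed with the
 * one the token presented. The lengths are not secret, so rejecting a
 * length mismatch up front reveals nothing about the expected bytes. */
int signature_matches(const unsigned char *expected, size_t expected_len,
                      const unsigned char *presented, size_t presented_len)
{
    if (expected_len != presented_len)
        return 0;
    return ct_equal(expected, presented, expected_len);
}

/* For contrast, the pattern the description names: memcmp may return at the
 * first differing byte, so its running time depends on the matching prefix. */
int signature_matches_memcmp(const unsigned char *expected, size_t expected_len,
                             const unsigned char *presented, size_t presented_len)
{
    if (expected_len != presented_len)
        return 0;
    return memcmp(expected, presented, expected_len) == 0;
}

int main(void)
{
    printf("equal: %d\n", signature_matches(SAMPLE_EXPECTED, 8, SAMPLE_EXPECTED, 8));
    printf("first byte differs: %d\n", signature_matches(SAMPLE_EXPECTED, 8, SAMPLE_FIRST_BAD, 8));
    printf("last byte differs: %d\n", signature_matches(SAMPLE_EXPECTED, 8, SAMPLE_LAST_BAD, 8));
    return 0;
}
```

Both functions return the same results; only the timing behaviour differs. Where a vetted primitive is available, such as OpenSSL's CRYPTO_memcmp, prefer it over a hand-written loop.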

Exploit

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2024-25190

Affected Products

L8W8Jwt