Use of Hard-coded Credentials in AgileConfig.Client

Hardcoded JWT Secret in AgileConfig


CVSS3 - CRITICAL

What are JWT Injections, and Why do You Need to Know About Them

JSON Web Tokens (JWTs for short) are the new standard for transmitting identity information in the digital age. JWTs are JSON objects that act as an identifier for your user or application. They’re u ...


CVSS3 - MEDIUM

CVSS2 - MEDIUM

This Week in Spring – August 23rd, 2022

Hi, Spring fans! Welcome to another installment of _This Week in Spring_! We've got a _ton_ to cover, so let's dive right into it! * [A Bootiful Podcast: Flowable founder Joram Barrez on a Bootiful ...

CVE-2022-35540

Hardcoded JWT Secret in AgileConfig

Cockpit Content Platform vulnerable to 2FA bypass

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after a user logs into their account, allowing an att ...


CVSS3 - HIGH


Ubuntu 22.04 LTS : PyJWT regression (USN-5526-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5526-2 advisory. Note that Nessus has not tested for this issue but has instead re ...

PyJWT regression

USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize f ...
