Hi, Spring fans! As I write this I'm on a plane winging my way to Helsinki, Finland. A new year and new journeys begin. It's going to be cold there. Wish me luck! Do you know what always warms me up? ...
January 10, 2023
A high-severity security flaw has been disclosed ...
January 10, 2023
github.com/robbert229/jwt is vulnerable to timing attacks. A remote attacker is able to determine the expected hash-based message authentication code (HMAC) with a large enough number of requests over ...
January 10, 2023
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker ...
January 09, 2023
Summary: The jwt authentication function of kubepi ...
January 06, 2023
Description: The jwt authentication function of kubepi ...
January 06, 2023
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker ...
January 04, 2023
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine th ...
December 31, 2022