In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBK ...
Continue Reading11 февраля, 2024
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBK ...
Continue Reading11 февраля, 2024
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBK ...
Continue Reading11 февраля, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...Read More ...
Continue Reading10 февраля, 2024
Impact This is a privilege escalation vulnerability. The impact is negligible and entirely theoretical. A non-exploitable weakness was found in how the client-supplied JWTs are verified. Because an ex ...
Continue Reading09 февраля, 2024
Impact This is a privilege escalation vulnerability. The impact is negligible and entirely theoretical. A non-exploitable weakness was found in how the client-supplied JWTs are verified. Because an ex ...
Continue Reading09 февраля, 2024
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege...Read More ...
Continue Reading09 февраля, 2024
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege...Read More ...
Continue Reading09 февраля, 2024
Back to Main