[]() While application development has evolved rapidly, the API man ...
Continue Reading
December 15, 2023
The D-Link D-View 8 web server running on the remote host uses a hard-coded key to protect a JWT token. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass ...
Continue Reading
December 15, 2023
neuvector is vulnerable to Authentication Bypass. An attacker can reverse engineer a JWT token, forging a valid taken to perform malicious activity. This can lead to RCE.Read More ...
Continue Reading
December 15, 2023
### Impact A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. Th ...
Continue Reading
December 15, 2023
Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT t ...
Continue Reading
December 15, 2023
### Impact A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. Th ...
Continue Reading
December 15, 2023
Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as [CVE-2023-36845](), [CVE-2023-40044](), [CVE-2023-42793](), [CVE-2023-29357](), and [CVE-2023-2 ...
Continue Reading
December 15, 2023
Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as [CVE-2023-36845](), [CVE-2023-40044](), [CVE-2023-42793](), [CVE-2023-29357](), and [CVE-2023-2 ...
Continue Reading
December 15, 2023
Back to Main
