RSS   Vulnerabilities for 'Jsonwebtoken'   RSS

2018-05-29
 
CVE-2015-9235

CWE-327
 

 
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).

 

 >>> Vendor: Auth0 5 Products
Auth0.js
Aspnet
Aspnet-owin
Passport-sharepoint
Jsonwebtoken


Copyright 2019, cxsecurity.com

 

Back to Top