RSS   Vulnerabilities for 'Jsonwebtoken'   RSS

2018-05-29
 
CVE-2015-9235

CWE-327
 

 
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).

 

 >>> Vendor: Auth0 12 Products
Auth0.js
Aspnet
Aspnet-owin
Passport-sharepoint
Jsonwebtoken
LOCK
Login by auth0
Wp-auth0
Express-jwt
Auth0
Nextjs-auth0
Express openid connect


Copyright 2024, cxsecurity.com

 

Back to Top