Vulnerabilities > CVE-2015-10004 - Exposure of Resource to Wrong Sphere vulnerability in Json web Token Project Json web Token

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

json-web-token-project

CWE-668

NVD

Published: 2022-12-27

Updated: 2023-01-06

Summary

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.

Vulnerable Configurations

Part	Description	Count
Application	Json_Web_Token_Project Json WEB Token Project Json WEB Token -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
https://pkg.go.dev/vuln/GO-2020-0023
https://github.com/robbert229/jwt/issues/12