Vulnerabilities > CVE-2015-10004 - Exposure of Resource to Wrong Sphere vulnerability in Json web Token Project Json web Token

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
json-web-token-project
CWE-668

Summary

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.

Vulnerable Configurations

Part Description Count
Application
Json_Web_Token_Project
1

Common Weakness Enumeration (CWE)