Vulnerabilities > CVE-2017-18239 - Unspecified vulnerability in Authentikat-Jwt Project Authentikat-Jwt

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

authentikat-jwt-project

NVD

Published: 2018-03-18

Updated: 2019-10-03

Summary

A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.

Vulnerable Configurations

Part	Description	Count
Application	Authentikat-Jwt_Project Authentikat JWT Project Authentikat JWT 0.3.1 Authentikat JWT Project Authentikat JWT 0.3.3 Authentikat JWT Project Authentikat JWT 0.3.5 Authentikat JWT Project Authentikat JWT 0.4.0 Authentikat JWT Project Authentikat JWT 0.4.1 Authentikat JWT Project Authentikat JWT 0.4.3 Authentikat JWT Project Authentikat JWT 0.4.4 Authentikat JWT Project Authentikat JWT 0.4.5	8

Summary

Vulnerable Configurations

References