2 matches found
CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm
An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...
Authentication Bypass
namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation which permits tokens signed with 'none' algorithms to be processed, effectively allowing authentication to bypass signature validation...