7 matches found
com.limitra.sdk:web_2.12 (>=0.0.1 <=0.0.13) potentially affected by CVE-2017-18239 via com.jason-goodwin:authentikat-jwt_2.12 (=0.4.5)
com.jason-goodwin:authentikat-jwt_2.12 MAVEN version =0.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on com.jason-goodwin:authentikat-jwt_2.12 and may be impacted: - com.limitra.sdk:web_2.12 =0.0.1, =0.0.13 Source cves: CVE-2017-18239 Source advisory:...
GHSA-3RHM-67J6-42JQ Exposure of Sensitive information in authentikat-jwt
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...
Exposure of Sensitive information in authentikat-jwt
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...
Unspecified vulnerability in authentikat-jwt
authentikat-jwt aka com.jason-goodwin/authentikat-jwt is a JWT Scala implementation. A security vulnerability exists in the JsonWebToken.validate method of the main/scala/authentikat/jwt/JsonWebToken.scala file in authentikat-jwt 0.4.5 and earlier. No details of the vulnerability are provided at...
Timing Attack
authentikat-jwt is vulnerable to timing attacks. The insecure function contentEquals, used in verify to compare two given signatures, does not run in constant time, which leaks sensitive information from the signature...
Input validation
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...
CVE-2017-18239
The CVE-2017-18239 entry concerns the authentikat-jwt library (Scala) in main/scala/authentikat/jwt/JsonWebToken.scala. A time-sensitive equality check in JsonWebToken.validate for the JWT signature (versions 0.4.5 and earlier) can allow an attacker to recover the signature bit-by-bit by issuing ...