7 matches found

vulnersOsv
added 2018/11/09 5:50 p.m. | 3 views

com.limitra.sdk:web_2.12 (>=0.0.1 <=0.0.13) potentially affected by CVE-2017-18239 via com.jason-goodwin:authentikat-jwt_2.12 (=0.4.5)

com.jason-goodwin:authentikat-jwt_2.12 MAVEN version =0.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on com.jason-goodwin:authentikat-jwt_2.12 and may be impacted: com.limitra.sdk:web_2.12 >=0.0.1, <=0.0.13. Source CVEs: CVE-2017-18239. Source advisory:...

CVSS 9.8 | AI score 7.8 | EPSS 0.02032
Exploits: 0

OSV
added 2018/11/09 5:50 p.m. | 1 view

GHSA-3RHM-67J6-42JQ Exposure of Sensitive information in authentikat-jwt

A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...

CVSS 9.8 | AI score 5.9 | EPSS 0.02032
Exploits: 0 | References: 6

Github Security Blog
added 2018/11/09 5:50 p.m. | 25 views

Exposure of Sensitive information in authentikat-jwt

A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...

CVSS 9.8 | AI score 3.7 | EPSS 0.02032
Exploits: 0 | References: 5 | Affected Software: 1

CNVD
added 2018/03/20 12:00 a.m. | 4 views

Unspecified vulnerability in authentikat-jwt

authentikat-jwt aka com.jason-goodwin/authentikat-jwt is a JWT Scala implementation. A security vulnerability exists in the JsonWebToken.validate method of the main/scala/authentikat/jwt/JsonWebToken.scala file in authentikat-jwt 0.4.5 and earlier. No details of the vulnerability are provided at...

CVSS 9.8 | AI score 6.9 | EPSS 0.02032
Exploits: 0 | References: 1

Veracode
added 2018/03/19 3:22 a.m. | 25 views

Timing Attack

authentikat-jwt is vulnerable to timing attacks. The vulnerability exists because the insecure function contentEquals, used to compare two given signatures in verify, is not constant-time, which results in the leaking of sensitive information from the signature...

CVSS 9.8 | AI score 8.9 | EPSS 0.02032
Exploits: 0 | References: 3 | Affected Software: 3

Prion
added 2018/03/18 3:29 a.m. | 16 views

Input validation

A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...

CVSS 5 | AI score 9.3 | EPSS 0.02032
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2018/03/18 3:00 a.m. | 63 views

CVE-2017-18239

The CVE-2017-18239 entry concerns the authentikat-jwt library (Scala) in main/scala/authentikat/jwt/JsonWebToken.scala. A time-sensitive equality check in JsonWebToken.validate for the JWT signature (versions 0.4.5 and earlier) can allow an attacker to recover the signature bit-by-bit by issuing ...

CVSS 9.8 | AI score 9.3 | EPSS 0.02032
Exploits: 0 | References: 3 | Affected Software: 1