9 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-25189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
Debian dla-3739 : libjwt-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3739 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3739-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-3739-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3739-1] libjwt security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3739-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 24, 2024 https://wiki.debian.org/LTS -...
CVE-2024-25189
creationtimestamp| type| source ---|---|--- 2024-02-08 18:22:24+00:00| seen| https://t.me/ctinow/181529 2024-02-15 08:17:09+00:00| seen| https://t.me/ctinow/185328 2024-03-02 12:41:45+00:00| seen| https://t.me/ctinow/198338...
CVE-2024-25189
libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
CVE-2024-25189
libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
CVE-2024-25189
The CVE concerns libjwt: 1.15.3 uses strcmp (not constant time) to verify authentication, enabling a timing side‑channel bypass. Connected sources confirm this is a legitimate vulnerability with high impact (CVE-2024-25189) and note Debian LTS advisories and Debian/DLA entries recommending an upg...
CVE-2024-25189
libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...