Lucene search
K

4 matches found

Circl
Circl
added 2021/09/29 12:36 a.m.6 views

CVE-2021-41106

creationtimestamp| type| source ---|---|--- 2021-09-29 00:36:13+00:00| seen| https://t.me/cibsecurity/29605...

4.4CVSS4.1AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/28 8:50 p.m.19 views

CVE-2021-41106 File reference keys leads to incorrect hashes on HMAC algorithms

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

4.4CVSS5.1AI score0.00199EPSS
Exploits0References3
Friends Of PHP
Friends Of PHP
added 2021/09/28 7:36 p.m.19 views

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users...

4.4CVSS4.4AI score0.00199EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/09/28 7:36 p.m.17 views

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

Description Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and,...

2.1CVSS0.2AI score0.00199EPSS
Exploits0Affected Software1
Rows per page
Query Builder