1630 matches found
CVE-2020-26511
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...
AZL-41684 CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
DEBIAN-CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
Insecure Authentication
authmagic-timerange-stateless-core uses insecure authentication. When comparing signatures in the JSON web token JWT and refreshToken, the package does not verify the JWT token sent by user before reissuing a new token, allowing an attacker to forge a user's identity by modifying the payload and...
PT-2020-7931
Name of the Vulnerable Software and Affected Versions: jws versions prior to 3.0.0 Description: The issue allows a malicious actor to modify the contents of a JWT while still passing verification, potentially leading to a complete authentication bypass. This can be achieved by exploiting the...
h1-ctf: [H1-2006 2020] Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or using a custom API attack tool
H1-2006 CTF Writeup F859938 Summary: Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of...
Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account
Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple ' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted...
How An Image Could've Let Attackers Hack Microsoft Teams Accounts
Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw,...
PT-2020-15041 · Istio · Istio
Name of the Vulnerable Software and Affected Versions: Kiali versions 0.4.0 through 1.15.0 Description: The issue is related to insufficient JWT validation, allowing a remote attacker to steal a valid JWT cookie and use it to spoof a user session. This could potentially grant privileges to view a...
Kiali has an unspecified vulnerability
Kiali is an open source, visual management tool for the Istio microservices architecture. A security vulnerability exists in kiali, which can be exploited by a remote attacker to gain privileges, view and modify the Istio configuration by stealing a valid JWT cookie and spoofing a user session...
kiali: ignoring JWT claim fields
An insufficient JWT validation vulnerability was found in Kiali, versions 0.4.0 to 1.15.0. A remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration...
drf-jwt Authorization Issues Vulnerability
drf-jwt is a JSON Web Token Authentication support package for the Django REST Framework. An authorization issue vulnerability exists in drf-jwt version 1.15.x prior to 1.15.1, which stems from an incompatibility between the blacklist protection mechanism and the token refresh feature, and can be...
CVE-2019-12511
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...
istio: unauthorised access to JWT protected HTTP path
An unauthorized access vulnerability was found in Istio in the servicemesh-proxy. An attacker can use this flaw to specify an HTTP path and gain unauthorized access, even if the path is configured to only be accessed with a valid JSON Web Token JWT...
CVE-2020-8595
An unauthorized access vulnerability was found in Istio in the servicemesh-proxy. An attacker can use this flaw to specify an HTTP path and gain unauthorized access, even if the path is configured to only be accessed with a valid JSON Web Token JWT. Mitigation Depending on the paths used in the...
GHSA-F6VF-PQ8C-69M4 Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash potential information disclosure or a potential authentication bypass...
CVE-2019-17195
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash potential information disclosure or a potential authentication bypass...
UBUNTU-CVE-2019-1010263
Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...
CVE-2019-7644
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
PT-2019-5775 · Influxdata +3 · Influxdb +3
Name of the Vulnerable Software and Affected Versions: InfluxDB versions prior to 1.7.6 Description: The issue is related to an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go due to a JWT token having an empty SharedSecret. This allows a remote...