4 matches found
python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...
CVE-2024-48930
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
CVE-2023-43631
The CVE-2023-43631 issue affects the Pillar/EVE container in EVE OS. On boot, the container checks for /config/authorized_keys and, if a valid public key is present, enables SSH on port 22 for root login. The /config partition is not protected by measured boot, is mutable, and unencrypted, allowi...
PT-2022-15770 · Unknown · Sweet B Library
Name of the Vulnerable Software and Affected Versions: Sweet B library affected versions not specified Description: The issue arises from an incorrect choice of sign bit when compressing or decompressing elliptic curve points using the Sweet B library. An attacker with user-level privileges can...