GHSA-3RHM-67J6-42JQ Exposure of Sensitive information in authentikat-jwt
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...
Timing Attack
authentikat-jwt is vulnerable to timing attacks. The vulnerability exists because the insecure function contentEquals, used to compare two given signatures in verify, does not run in constant time and results in the leaking of sensitive information from the signature...
CVE-2017-18239
The CVE-2017-18239 entry concerns the authentikat-jwt library (Scala) in main/scala/authentikat/jwt/JsonWebToken.scala. A time-sensitive equality check in JsonWebToken.validate for the JWT signature (versions 0.4.5 and earlier) can allow an attacker to recover the signature bit-by-bit by issuing ...