10 matches found
EUVD-2019-8947
Malware in sbrugna...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...
The vulnerability of the JWT library cjwt, related to incorrect verification of the cryptographic signature, allows attackers to circumvent security restrictions.
The vulnerability of the JWT library cjwt is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt
cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...
CVE-2024-54150
CVE-2024-54150 (cjwt) is a vulnerability in the C JWT implementation where signature verification fails to differentiate between symmetric and asymmetric signing methods (e.g., HS256 vs RS256/PS/EC). The root cause is algorithm confusion during verification, which can allow an attacker to forge t...
cjwt 数据伪造问题漏洞
cjwt is a small JWT handler open-sourced by Xmidt. A data forgery vulnerability exists in cjwt version v2.2.0, which stems from an algorithmic obfuscation issue, where the system mishandles the verification of signature types and fails to differentiate between signature tokens, allowing an attack...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...
CVE-2019-19324
Xmidt cjwt (C library) before 2019-11-25 and version 1.0.1 and earlier maps unsupported JWT algorithms to alg=none, which can lead to untrusted accidental JWT acceptance. Affected component: Xmidt cjwt; root cause: permissive/incorrect handling of algorithm values; impact: potential for accepting...