2 matches found
CVE-2017-18239
The CVE-2017-18239 entry concerns the authentikat-jwt library (Scala) in main/scala/authentikat/jwt/JsonWebToken.scala. A time-sensitive equality check in JsonWebToken.validate for the JWT signature (versions 0.4.5 and earlier) can allow an attacker to recover the signature bit-by-bit by issuing ...
CVE-2017-18239
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt aka com.jason-goodwin/authentikat-jwt version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature b...