5 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-25191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
CVE-2024-25191
php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
CVE-2024-25191
php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
CVE-2024-25191
php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
CVE-2024-25191
CVE-2024-25191 affects the PHP-JWT library (version 1.0.0). The vulnerability arises because authentication verification uses strcmp, which is not constant-time, enabling bypass of authentication via a timing side channel. Documented impact is high: network access with no privileges required, and...