Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-25191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS8.2AI score0.0089EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.13 views

CVE-2024-25191

php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS7AI score0.0089EPSS
Exploits1References1
NVD
NVD
added 2024/02/08 5:15 p.m.22 views

CVE-2024-25191

php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS9.6AI score0.0089EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/02/08 5:15 p.m.32 views

CVE-2024-25191

php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS7.2AI score0.0089EPSS
Exploits1References2
CVE
CVE
added 2024/02/08 12:0 a.m.169 views

CVE-2024-25191

CVE-2024-25191 affects the PHP-JWT library (version 1.0.0). The vulnerability arises because authentication verification uses strcmp, which is not constant-time, enabling bypass of authentication via a timing side channel. Documented impact is high: network access with no privileges required, and...

9.8CVSS9.4AI score0.0089EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder