EUVD-2015-3035

Malware in sbrugna...

F21 JWT JWT.PHP Signature Bypass Vulnerability

F21 JWT provides PHP libraries for processing JSON WEB tokens. A security vulnerability in F21 JWT JWT.php allows remote attackers to bypass signature verification by submitting a special token...

CVE-2015-2951

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens...

Design/Logic Flaw

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens...

CVE-2015-2951

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens...

CVE-2015-2951

The CVE-2015-2951 detail involves the F21 JWT PHP library (JWT.php) where versions before 2.0 fail to verify token signatures, enabling remote attackers to bypass signature verification via crafted tokens. Affected component is the PHP JWT token processor; root cause is signature verification byp...

F21 JWT fails to verify token signatures

Overview JWT provided by F21 is a PHP library for handling JSON Web Tokens. php-jwt contains a vulnerability where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. and Shuntaro Maeda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

JVN#06120222: F21 JWT fails to verify token signatures

JWT provided by F21 is a PHP library for handling JSON Web Tokens. JWT contains a vulnerability where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the latest version according to t...