9 matches found
USN-8133-1 pyjwt vulnerability
It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions...
EUVD-2021-18484
Malware in sbrugna...
CVE-2021-31590
PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...
PwnDoc has an unspecified vulnerability
PwnDoc is an application. The penetration test report generator PwnDoc version 2021-04-22 and prior versions has a security vulnerability that stems from incorrect JSON Webtoken handling, which could be exploited by an attacker to cause incorrect access control...
CVE-2021-31590
PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...
CVE-2021-31590
PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...
Authentication flaw
PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...
CVE-2021-31590
PwnDoc (up to 0.4.0 as of 2021-08-23) contains a JWT handling flaw that enables improper access control. A valid JSON Web Token used for authentication/authorization can preserve admin privileges when a user is downgraded to “user,” and even after account deletion the attacker can access the admi...
CVE-2021-31590
PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...