7 matches found
CVE-2024-25190
l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
Authentication flaw
l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
l8w8jwt Security Breach
l8w8jwt is an open source, minimal, OpenSSL-free and ultra-lightweight JWT library written in C by Glitched Polygons GmbH. A security vulnerability exists in version 2.2.1 of l8w8jwt, which stems from the use of memcmp to authenticate, resulting in an authentication bypass vulnerability...
CVE-2024-25190
l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
CVE-2024-25190
CVE-2024-25190 affects l8w8jwt v2.2.1, where authentication is verified using memcmp, which is not constant time. This creates a timing side-channel vulnerability that can lead to authentication bypass. Several sources (Red Hat, NVD, OSV, CVE lists, and vendor/problem reports) describe the issue ...
CVE-2024-25190
l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
PT-2024-20806 · L8W8Jwt · L8W8Jwt
Name of the Vulnerable Software and Affected Versions: l8w8jwt version 2.2.1
Description: The issue arises from the use of memcmp to verify authentication, which is not constant time. This makes it easier to bypass authentication via a timing side channel.
Recommendations: For l8w8jwt version...