
7 matches found

NVD
added 2024/02/08 5:15 p.m. · 17 views

CVE-2024-25190

l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8 CVSS · 9.5 AI score · 0.00899 EPSS
Exploits: 1 · References: 1

Prion
added 2024/02/08 5:15 p.m. · 14 views

Authentication flaw

l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

7.5 CVSS · 7.3 AI score · 0.00899 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2024/02/08 12:0 a.m. · 127 views

CVE-2024-25190

CVE-2024-25190 affects l8w8jwt v2.2.1, where authentication is verified using memcmp, which is not constant time. This creates a timing-side-channel vulnerability that can lead to authentication bypass. Several sources (Red Hat, NVD, OSV, CVE lists, and vendor/problem reports) describe the issue ...

9.8 CVSS · 9.4 AI score · 0.00899 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/02/08 12:0 a.m. · 16 views

CVE-2024-25190

l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

7 AI score · 0.00899 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/02/08 12:0 a.m. · 18 views

CVE-2024-25190

l8w8jwt 2.2.1 uses memcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.7 AI score · 0.00899 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/02/08 12:0 a.m. · 5 views

PT-2024-20806 · L8W8Jwt · L8W8Jwt

Name of the Vulnerable Software and Affected Versions: l8w8jwt version 2.2.1 Description: The issue arises from the use of memcmp to verify authentication, which is not constant time. This makes it easier to bypass authentication via a timing side channel. Recommendations: For l8w8jwt version...

9.8 CVSS · 7.1 AI score · 0.00899 EPSS
Exploits: 1 · References: 5

CNNVD
added 2024/02/08 12:0 a.m. · 5 views

l8w8jwt Security Breach

l8w8jwt is an open source, minimal, OpenSSL-free and ultra-lightweight JWT library written in C by Glitched Polygons GmbH. A security vulnerability exists in version 2.2.1 of l8w8jwt, which stems from the use of memcmp to authenticate, resulting in an authentication bypass vulnerability...

9.8 CVSS · 7 AI score · 0.00899 EPSS
Exploits: 1 · References: 2