EUVD-2016-7921
Malware in sbrugna...
Timing Attacks
Malcolm Fell jwt is vulnerable to timing attacks. The library does not compare hashes in constant time, which allows malicious users to use the timing of the request to progressively identify a valid hash...
CVE-2016-7037
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack...
Design/Logic Flaw
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack...
CVE-2016-7037
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack...
CVE-2016-7037
The CVE concerns Malcolm Fell jwt (before 1.0.3). The verify function in Encryption/Symmetric.php does not use a timing-safe hash comparison, allowing an attacker to spoof signatures via timing attacks. Impact is signature forgery; remediation is upgrading to version 1.0.3 or later (as per refere...