
33 matches found

Cvelist
added 2024/02/08 12:0 a.m. · 20 views

CVE-2024-25191

php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.7 AI score · 0.0089 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/02/08 12:0 a.m. · 7 views

PT-2024-20807 · Php-Jwt · Php-Jwt

Name of the Vulnerable Software and Affected Versions: php-jwt version 1.0.0
Description: The issue arises from the use of strcmp to verify authentication, which is not a constant-time comparison. This makes it easier for attackers to bypass authentication via a timing side channel...

9.8 CVSS · 9.5 AI score · 0.0089 EPSS
Exploits 1 · References 8
CVE
added 2024/02/08 12:0 a.m. · 160 views

CVE-2024-25191

CVE-2024-25191 affects the PHP-JWT library (version 1.0.0). The vulnerability arises because authentication verification uses strcmp, which is not constant-time, enabling bypass of authentication via a timing side channel. Documented impact is high: network access with no privileges required, and...

9.8 CVSS · 9.4 AI score · 0.0089 EPSS
Exploits 1 · References 1 · Affected Software 1
Veracode
added 2022/03/30 6:13 a.m. · 63 views

Validation Bypass

firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in decode and verify functions in JWT.php because the token validations are not properly handled when multiple keys are loaded in a key ring which allows an attacker to bypass server-side validations...

9.1 CVSS · 2.4 AI score · 0.00777 EPSS
Exploits 1 · References 3 · Affected Software 1
Github Security Blog
added 2022/03/30 12:0 a.m. · 92 views

Firebase PHP-JWT key/algorithm type confusion

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1 CVSS · 2.4 AI score · 0.00777 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/03/30 12:0 a.m. · 29 views

GHSA-8XF4-W7QW-PJJW Firebase PHP-JWT key/algorithm type confusion

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1 CVSS · 9.1 AI score · 0.00777 EPSS
Exploits 1 · References 5
Friends Of PHP
added 2022/03/30 12:0 a.m. · 39 views

Key/algorithm type confusion

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1 CVSS · 9.1 AI score · 0.00777 EPSS
Exploits 1 · Affected Software 1
OSV
added 2022/03/29 7:15 a.m. · 17 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1 CVSS · 6.7 AI score
Exploits 0 · References 1
NVD
added 2022/03/29 7:15 a.m. · 15 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1 CVSS · 0.00777 EPSS
Exploits 1 · References 1
Prion
added 2022/03/29 7:15 a.m. · 22 views

Design/Logic Flaw

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

5.8 CVSS · 9 AI score · 0.00777 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/03/29 6:40 a.m. · 20 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.3 AI score · 0.00777 EPSS
Exploits 1 · References 1
CVE
added 2022/03/29 6:40 a.m. · 145 views

CVE-2021-46743

CVE-2021-46743: In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue occurs via the kid header when multiple key types are loaded in a key ring, allowing an attacker to forge tokens that validate under the incorrect key. The description notes this may reflect unsafe usage of the PHP-JW...

9.1 CVSS · 9 AI score · 0.00777 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2022/03/29 12:0 a.m. · 5 views

PT-2022-12914 · Firebase +1 · Firebase Php-Jwt +1

Name of the Vulnerable Software and Affected Versions: Firebase PHP-JWT versions prior to 6.0.0
Description: The issue is related to an algorithm-confusion problem, where an attacker can forge tokens that validate under the incorrect key when multiple types of keys are loaded in a key ring. This...

9.8 CVSS · 6.9 AI score · 0.25573 EPSS
Exploits 11 · References 65