
11 matches found

RedhatCVE
added 2025/05/22 3:23 p.m., 2 views

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00536
Exploits: 0
Qualys Blog
added 2022/10/11 9:45 p.m., 24 views

JSON Web Token (JWT) Weaknesses

JSON Web Tokens, or JWTs, are an encoded set of claims commonly seen in REST APIs and single-page web applications (SPAs). These encoded claims are used to provide identification of the requester and other information related to accessing. It is a stateless mechanism, and the token is sent with eve...

Exploits: 0
OSV
added 2021/09/15 6:15 p.m., 0 views

CVE-2021-39215

Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue...

CVSS: 7.5, AI score: 7.2
Exploits: 0, References: 2
Tenable Nessus
added 2021/02/11 12:0 a.m., 9 views

JSON Web Token Weak Secret

JSON Web Tokens can be signed to protect against data tampering. By using an asymmetric or a symmetric signing algorithm, the application computes a signature of the token data which will be verified during token decoding to ensure its integrity. When using a symmetric algorithm, the signature is...

AI score: 7.2
Exploits: 0, References: 4
NVD
added 2020/10/02 5:15 a.m., 8 views

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

CVSS: 7.5, EPSS: 0.00536
Exploits: 0, References: 4
Prion
added 2020/10/02 5:15 a.m., 6 views

Authentication flaw

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

CVSS: 5, AI score: 7.6, EPSS: 0.00536
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2020/10/02 4:4 a.m., 49 views

CVE-2020-26511

The CVE-2020-26511 entry concerns the WordPress plugin wpo365-login prior to v11.7. The issue is that the plugin uses a symmetric algorithm to decrypt a JWT token, enabling authentication bypass. Concrete details from connected sources specify the affected product (WordPress plugin wpo365-login),...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00536
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2020/10/02 4:4 a.m., 12 views

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

AI score: 7.7, EPSS: 0.00536
Exploits: 0, References: 4
RedhatCVE
added 2018/05/31 9:22 p.m., 30 views

CVE-2015-9235

In the jsonwebtoken node module before 4.2.2, it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected but the attacker instead sends a token digitally signed with a symmetric algorithm (HS family)...

CVSS: 9.8, AI score: 2.1, EPSS: 0.37481
Exploits: 3, References: 1
Prion
added 2018/05/29 8:29 p.m., 15 views

Design/Logic Flaw

In the jsonwebtoken node module before 4.2.2, it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected but the attacker instead sends a token digitally signed with a symmetric algorithm (HS family)...

CVSS: 7.5, AI score: 7, EPSS: 0.37481
Exploits: 3, References: 4, Affected Software: 1
Cvelist
added 2018/05/29 8:0 p.m., 22 views

CVE-2015-9235

In the jsonwebtoken node module before 4.2.2, it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected but the attacker instead sends a token digitally signed with a symmetric algorithm (HS family)...

AI score: 9.5, EPSS: 0.37481
Exploits: 3, References: 4