5 matches found
Timing Attack
emarref/jwt is vulnerable to a timing attack. It is possible because the verify function in Symmetric.php does not compare hashes in constant time, allowing malicious users to guess valid hashes based on the time that a comparison takes...
jwt security bypass vulnerability
jwt is an implementation of the JSON Web Token (JWT) scheme for use in PHP. A security bypass vulnerability exists in the verify function of the Encryption/Symmetric.php file in jwt 1.0.2 and earlier versions. An attacker can exploit this vulnerability to forge a signature...
CVE-2016-7037
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack...
CVE-2016-7037
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack...
CVE-2016-7037
The CVE concerns Malcolm Fell jwt (before 1.0.3). The verify function in Encryption/Symmetric.php does not use a timing-safe hash comparison, allowing an attacker to spoof signatures via timing attacks. Impact is signature forgery; remediation is upgrading to version 1.0.3 or later (as per refere...