3 matches found
CVE-2018-0114
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature JWS standard for JSON Web Tokens JWTs...
CVE-2018-0114
CVE-2018-0114 affects the Cisco node-jose library prior to 0.11.0. The flaw arises when a JSON Web Signature (JWS) header can carry a JWK (public key) that is then trusted for verification. An unauthenticated, remote attacker could forge valid JWS objects by removing the original signature, inser...
Cisco node-jose open source library security bypass vulnerability
Cisco node-jose open source library is the United States Cisco Cisco company based on a Web browser and node.js server JSON object signing and encryption of open source library . A security bypass vulnerability exists in the Cisco node-jose open source library that stems from node-jose's use of t...