Lucene search
Veracode Vulnerability DatabaseVERACODE:6326HistoryMay 21, 2018 - 3:00 a.m.
Authentication Bypass
2018-05-2103:00:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
41.0%
json-jwt is vulnerable to authentication bypasses. The library does not properly validate the GCM auth tag length, allowing a malicious user to require at most 256 attempts to forge a valid auth tag.
References
Related
cvelist
cvelist
CVE-2018-1000539
2018-06-26 16:00:00
prion
prion
Design/Logic Flaw
2018-06-26 16:29:00
osv
osv
CVE-2018-1000539
2018-06-26 16:29:00
ruby-json-jwt - security update
2018-08-31 00:00:00
Json-jwt did not verify the cryptographic signature for data
2018-07-31 18:13:51
openvas
openvas
Debian: Security Advisory (DSA-4283-1)
2018-08-30 00:00:00
cve
cve
CVE-2018-1000539
2018-06-26 16:29:02
CVE-2018-3768
2018-07-05 16:29:00
debian
debian
[SECURITY] [DSA 4283-1] ruby-json-jwt security update
2018-08-31 21:55:21
nessus
nessus
Debian DSA-4283-1 : ruby-json-jwt - security update
2018-09-04 00:00:00
github
github
Json-jwt did not verify the cryptographic signature for data
2018-07-31 18:13:51
ubuntucve
ubuntucve
CVE-2018-1000539
2018-06-26 00:00:00
nvd
nvd
CVE-2018-1000539
2018-06-26 16:29:02
CVE-2018-3768
2018-07-05 16:29:00
debiancve
debiancve
CVE-2018-1000539
2018-06-26 16:29:02