Timing Attack Vulnerability in JWT Library by Malcolm Fell
CVE-2016-7037
7.5HIGH
What is CVE-2016-7037?
A vulnerability exists in the verify function within the Encryption/Symmetric.php file of the JWT Library developed by Malcolm Fell. Versions prior to 1.0.3 do not utilize a timing-safe function for hash comparison. This oversight allows attackers to exploit the flaw through timing attacks, enabling them to spoof signatures and potentially compromise security. It's crucial for users to update to the latest version to mitigate this risk.