Time-Sensitive Vulnerability in Authentikat JWT Library by Jason Goodwin
CVE-2017-18239

9.8 CRITICAL

Key Information:

Vendor: (not stated on this page)
CVE Published: 18 March 2018

What is CVE-2017-18239?

A vulnerability exists in the Authentikat JWT Library: the JsonWebToken.validate method compares the JWT signature using an equality check whose running time depends on the input (a non-constant-time comparison that returns as soon as a differing byte is found). The difference in response time leaks how much of the candidate signature matched, so an attacker who can submit tokens for validation can guess the signature bit by bit by making repeated validation requests. An attacker who controls the token input may leverage this to forge a valid signature and gain unauthorized access or manipulate signed content.
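To make the flaw concrete, the following added example (written for this page, not code from the Authentikat library, which is a Scala project) implements HS256 JWT signing and verification in Python. It contrasts an early-exit byte comparison, whose work (a proxy for elapsed time) grows with the length of the matching signature prefix, with the constant-time comparison hmac.compare_digest that a hardened verifier should use. The key, header and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Build a compact-serialised JWT signed with HMAC-SHA256."""
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def naive_equal(a: bytes, b: bytes):
    """Early-exit comparison of the kind CVE-2017-18239 describes.

    Returns (equal, bytes_inspected). The second value stands in for elapsed
    time: it is larger when more leading bytes of the two inputs agree, which
    is exactly the information a timing side channel exposes to a caller.
    """
    if len(a) != len(b):
        return False, 0
    for i in range(len(a)):
        if a[i] != b[i]:
            return False, i + 1
    return True, len(a)


def verify_hs256(token: str, key: bytes, constant_time: bool = True):
    """Return the claims if the token's HS256 signature is valid, else None.

    constant_time=False reproduces the vulnerable behaviour (early-exit
    compare); the default uses hmac.compare_digest, whose running time does
    not depend on where the inputs differ.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        return None
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    provided = b64url_decode(sig_b64)
    if constant_time:
        ok = hmac.compare_digest(expected, provided)
    else:
        ok, _ = naive_equal(expected, provided)
    return json.loads(b64url_decode(claims_b64)) if ok else None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # sample value, not a real secret
    token = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, key)
    print("valid token ->", verify_hs256(token, key))
    print("wrong key   ->", verify_hs256(token, b"other-key"))
    # Show the leak: a guess that matches more leading bytes costs more work.
    real_sig = b"\x00" * 32
    print("bytes inspected, first byte wrong:", naive_equal(real_sig, b"\x01" + b"\x00" * 31)[1])
    print("bytes inspected, last byte wrong: ", naive_equal(real_sig, b"\x00" * 31 + b"\x01")[1])
```

The fix for the class of bug is the single line using hmac.compare_digest: it inspects every byte regardless of where a mismatch occurs, so response time no longer reveals how close a submitted signature is to the correct one. Rejecting any alg other than the one the server expects is a separate but equally important check for JWT verifiers.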

References

CVSS v3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
