Security Advisory

CVE-2017-18239

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-03-18 03:00:00

Last updated 2024-08-05 21:13:49

Assigner mitre

State PUBLISHED

Description

A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.

← Browse all CVEs View on cve.org ↗