Описание
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
Ссылки
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:libjwt:libjwt:1.15.3:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00083
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-203
CWE-203
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 2 года назад
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVSS3: 9.8
debian
почти 2 года назад
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authe ...
CVSS3: 9.8
github
почти 2 года назад
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
EPSS
Процентиль: 24%
0.00083
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-203
CWE-203