|
|
Subscribe / Log in / New account

python-jwt: token verification bypass

Package(s):python-jwt CVE #(s):
Created:June 30, 2015 Updated:July 1, 2015
Description: From the Red Hat bugzilla:

If the secretKey was expected to be a RSA public key, but the attacker changed the header to indicate a signature algorithm of HMAC, the RSA public key would be used as the signing secret.

Alerts:
Fedora FEDORA-2015-10249 python-jwt 2015-06-30
Fedora FEDORA-2015-10350 python-jwt 2015-06-30
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds