The verify function in Encryption/Symmetric.php in Malcolm Fell jwt prior to 1.0.3 does not use a timing-safe function for hash comparison, which allows malicious users to spoof signatures via a timing attack.
Vulnerable Product |
---|
jwt project jwt |
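
The class of flaw described above, shown as an added example that is not code from the jwt library or from this advisory: a non-timing-safe signature check beside a constant-time one. The function names, the key and the message are constructed for illustration, and the plain `===` comparison is an assumption standing in for the library's non-timing-safe check, which this page does not show.

```php
<?php
// Added illustration. All names and values here are hypothetical or constructed;
// this is not the jwt library's API.

// Constructed sample key and signing input (header.payload of a demo token).
$key     = 'constructed-demo-key';
$message = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0';

// Compute the raw HMAC-SHA256 tag over the signing input.
function sign(string $message, string $key): string
{
    return hash_hmac('sha256', $message, $key, true);
}

// Non-timing-safe: an ordinary string comparison may stop at the first
// differing byte, so its duration can depend on how many leading bytes of
// the supplied signature are correct.
function verifyWeak(string $message, string $signature, string $key): bool
{
    return sign($message, $key) === $signature;
}

// Timing-safe: hash_equals() (PHP 5.6+) compares equal-length strings in time
// that does not depend on where they differ. The locally computed tag goes
// first (known string), the caller-supplied one second (user string).
function verifyHardened(string $message, string $signature, string $key): bool
{
    return hash_equals(sign($message, $key), $signature);
}

// A valid tag, and a copy with its last byte altered.
$valid    = sign($message, $key);
$tampered = $valid;
$last     = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);

// Both functions return the same boolean for the same input; they differ
// only in whether the comparison time depends on the supplied signature.
var_dump(verifyWeak($message, $valid, $key), verifyHardened($message, $valid, $key));
var_dump(verifyWeak($message, $tampered, $key), verifyHardened($message, $tampered, $key));
```

Both checks are functionally identical, so unit tests that only assert accept/reject results will not catch this; reviewing for `hash_equals()` (or an equivalent constant-time compare) at every MAC or signature comparison is the reliable check.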