An issue exists in DP3T-Backend-SDK prior to 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dp3t-backend-software development kit project dp3t-backend-software development kit |