CVE-2016-7037

Published January 23rd, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.

emarref/jwt

An implementation of the JSON Web Token (JWT) draft in PHP.

GitHub