CVE-2016-7037 - The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timi

CVE-2016-7037

Summary

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.

References

Vulnerable Configurations

cpe:2.3:a:jwt_project:jwt:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:jwt_project:jwt:1.0.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 01-02-2017 - 02:59)
Impact:
Exploitability:

CWE

CWE-361

CAPEC

Session Fixation
The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	95847
confirm	https://github.com/emarref/jwt/pull/20 https://github.com/emarref/jwt/releases/tag/1.0.3

Last major update

01-02-2017 - 02:59

Published

23-01-2017 - 21:59

Last modified

01-02-2017 - 02:59