Product

Fast-Jwt (<= 6.2.3)

1 brief RSS

fast-jwt Authentication Bypass Vulnerability via Empty HMAC Secret

A critical vulnerability in the fast-jwt library allows attackers to forge JWTs by exploiting the acceptance of empty HMAC secrets in the async key resolver, leading to authentication bypass.

fast-jwt jwt authentication-bypass vulnerability

2r 2t Jan 3, 2024