Tag
critical
advisory
fast-jwt Library JWT Algorithm Confusion Vulnerability
2 rules 1 TTP 1 CVE
The fast-jwt library is vulnerable to JWT algorithm confusion via a whitespace-prefixed RSA public key, caused by an incomplete fix for CVE-2023-48223. By exploiting leading whitespace in the RSA public key, attackers can bypass intended security measures and sign arbitrary payloads that the verifier will accept, potentially leading to privilege escalation.
jwt
algorithm-confusion
vulnerability
fast-jwt
nodejs
critical
advisory
fast-jwt Authentication Bypass Vulnerability via Empty HMAC Secret
2 rules 2 TTPs
A critical vulnerability in the fast-jwt library allows attackers to forge JWTs by exploiting the acceptance of empty HMAC secrets in the async key resolver, leading to authentication bypass.
fast-jwt
jwt
authentication-bypass
vulnerability