Critical Vulnerabilities Affect JSON Web Token Libraries for JavaScript and PHP

By HTMLGoodies Staff

JWT (JSON Web Token) is now a standard for producing tokens that are passed between two parties. A server can, for example, produce an admin token, transferred in JSON and signed with the server's key, which clients then use to verify that the user is logged in as an admin. Tim McLean, a Canadian security researcher who specializes in cryptography, has unearthed critical vulnerabilities in JWT libraries for JavaScript and PHP. He points out that attackers could exploit one of those vulnerabilities, which abuses an asymmetric signing algorithm present in some JWT libraries. Continue reading this story here.


