Sunday, September 26, 2021

Critical Vulnerabilities Affect JSON Web Token Libraries for JavaScript and PHP

JWT is now a standard for tokens exchanged between two parties. A server can produce an admin token, encoded as JSON and signed with the server's key, and clients can then present that token to prove that the user is logged in as an admin. Tim McLean, a Canadian security researcher who specializes in cryptography, unearthed the issues and points out that attackers could exploit one of those vulnerabilities, which abuses an asymmetric signing algorithm present in some JWT libraries.
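The sign-then-verify flow described above, as an added example that is not from the original post or from any of the affected libraries: a minimal HS256 token built with Node's `crypto` module, where the verifier fixes the algorithm it accepts instead of taking it from the token header. The function names, key and claims are constructed for illustration, and the post itself does not detail the flaw.

```javascript
// Added example (not library code); helper names are illustrative.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

function hmac(key, signingInput) {
  return crypto.createHmac('sha256', key).update(signingInput).digest();
}

// Server side: sign a claims object with the server's secret key.
function signHS256(claims, key) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${hmac(key, signingInput).toString('base64url')}`;
}

// Verifier side: returns the claims, or null if the token is rejected.
function verifyHS256(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  let parsedHeader;
  try {
    parsedHeader = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // The header is untrusted input: it may only confirm the algorithm
  // this verifier was written for, never choose one.
  if (!parsedHeader || parsedHeader.alg !== 'HS256') return null;
  const expected = hmac(key, `${header}.${payload}`);
  const given = Buffer.from(signature, 'base64url');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample key and claims.
const SAMPLE_KEY = crypto.randomBytes(32);
const sampleToken = signHS256({ sub: 'alice', admin: true }, SAMPLE_KEY);
```

A token is accepted only when its header names HS256 and the MAC over header and payload matches; anything else yields `null`.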

