Vulnerability Details CVE-2015-10004
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.4%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
- https://github.com/robbert229/jwt/issues/12
- https://pkg.go.dev/vuln/GO-2020-0023
- https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
- https://github.com/robbert229/jwt/issues/12
- https://pkg.go.dev/vuln/GO-2020-0023
Products affected by CVE-2015-10004
-
cpe:2.3:a:json_web_token_project:json_web_token:-