Lucene search
RedhatCVELIST:CVE-2016-7037HistoryJan 23, 2017 - 9:00 p.m.
CVE-2016-7037
2017-01-2321:00:00
redhat
www.cve.org
1
0.001 Low
EPSS
Percentile
48.8%
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.
Related
cve
cve
CVE-2016-7037
2017-01-23 21:59:02
osv
osv
CVE-2016-7037
2017-01-23 21:59:02
nvd
nvd
CVE-2016-7037
2017-01-23 21:59:02
veracode
veracode
Timing Attacks
2017-07-25 22:24:19
prion
prion
Design/Logic Flaw
2017-01-23 21:59:00