Vulnerability Bulletins

DSA-3293 pyjwt - security update


System information

Affected software: Debian

Description

Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys into accepting arbitrary tokens. For more information see: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/.

More info:

https://www.debian.org/security/2015/dsa-3293
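
The verification flaw described above, shown beside a stricter check, as an added example that is not pyjwt's code or part of the advisory. The function names, the HS256-only scope, the PEM marker list and the placeholder key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed placeholder standing in for a PEM public key (not a real key).
SAMPLE_PUBLIC_PEM = b"-----BEGIN PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END PUBLIC KEY-----\n"
# Assumed marker list: byte patterns that identify asymmetric key material.
ASYMMETRIC_MARKERS = (b"-----BEGIN PUBLIC KEY-----", b"-----BEGIN RSA PUBLIC KEY-----",
                      b"-----BEGIN CERTIFICATE-----", b"ssh-rsa")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build an HS256 token; used here only to produce sample input."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def naive_verify(token: str, key: bytes) -> dict:
    """Behaviour the advisory describes: the token header selects the algorithm."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head))["alg"] == "HS256":
        mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(mac, b64url_decode(sig)):
            return json.loads(b64url_decode(body))
    raise ValueError("invalid signature")

def strict_verify(token: str, key: bytes, allowed_algs: tuple) -> dict:
    """The caller pins the algorithm; asymmetric keys are never HMAC secrets."""
    head, body, sig = token.split(".")
    alg = json.loads(b64url_decode(head)).get("alg")
    if alg not in allowed_algs:
        raise ValueError(f"algorithm {alg!r} not allowed")
    if alg != "HS256":
        raise ValueError("no verifier for this algorithm in this example")
    if any(marker in key for marker in ASYMMETRIC_MARKERS):
        raise ValueError("asymmetric key must not be used as an HMAC secret")
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64url_decode(sig)):
        raise ValueError("invalid signature")
    return json.loads(b64url_decode(body))
```

An application that expects asymmetric signatures passes only those algorithms in `allowed_algs`, so an HS256 token is rejected before any key is touched.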

Standard identifiers

Property Value
CVE DSA-3293.

Version history

Version Comment Date
1.0 Advisory issued 2015-06-22
