You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Tellier Benoit (JIRA)" <se...@james.apache.org> on 2017/06/12 08:54:00 UTC
[jira] [Created] (JAMES-2053) Check that we don't accept JWT tokens
with a None algorithm
Tellier Benoit created JAMES-2053:
-------------------------------------
Summary: Check that we don't accept JWT tokens with a None algorithm
Key: JAMES-2053
URL: https://issues.apache.org/jira/browse/JAMES-2053
Project: James Server
Issue Type: Bug
Components: webadmin, JMAP
Reporter: Tellier Benoit
Assignee: Antoine Duprat
We should check that we don't accept JWT tokens with a None algorithm, i.e. without verifying the signature.
See https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ for this security flaw.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org