You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Tellier Benoit (JIRA)" <se...@james.apache.org> on 2017/06/12 09:42:00 UTC

[jira] [Resolved] (JAMES-2053) Check that we don't accept JWT tokens with a None algorithm

     [ https://issues.apache.org/jira/browse/JAMES-2053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tellier Benoit resolved JAMES-2053.
-----------------------------------
    Resolution: Fixed

> Check that we don't accept JWT tokens with a None algorithm
> -----------------------------------------------------------
>
>                 Key: JAMES-2053
>                 URL: https://issues.apache.org/jira/browse/JAMES-2053
>             Project: James Server
>          Issue Type: Bug
>          Components: JMAP, webadmin
>            Reporter: Tellier Benoit
>            Assignee: Antoine Duprat
>
> We should check that we don't accept JWT tokens with a None algorithm, i.e. without verifying the signature.
> See https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ for this security flaw.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org