[jira] [Created] (JAMES-2053) Check that we don't accept JWT tokens with a None algorithm

Tellier Benoit (JIRA) Mon, 12 Jun 2017 01:54:27 -0700

Tellier Benoit created JAMES-2053:
-------------------------------------

             Summary: Check that we don't accept JWT tokens with a None 
algorithm
                 Key: JAMES-2053
                 URL: https://issues.apache.org/jira/browse/JAMES-2053
             Project: James Server
          Issue Type: Bug
          Components: webadmin, JMAP
            Reporter: Tellier Benoit
            Assignee: Antoine Duprat



We should check that we don't accept JWT tokens with a None algorithm, i.e. 
without verifying the signature.
See 
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ 
for this security flaw.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (JAMES-2053) Check that we don't accept JWT tokens with a None algorithm

Reply via email to