Re: [keycloak-dev] Critical vulnerabilities in JSON Web Token libraries
Interesting attack, especially using the public key as hmac secret. Definitively worth
considering if/when we add support for more algs ;)
----- Original Message -----
From: "Pedro Igor Silva" <psilva(a)redhat.com>
To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
Sent: Thursday, 2 April, 2015 8:54:17 PM
Subject: [keycloak-dev] Critical vulnerabilities in JSON Web Token libraries
FYI,
https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-to...
Regards.
Pedro Igor
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev