It seems to me that we are not vulnerable to this. We're using
RSATokenVerifier everywhere, and the only allowed algorithms are RS256,
RS384 and RS512. For all of them, an attacker would need the realm private key
to sign the token.
Marek
On 2.4.2015 20:54, Pedro Igor Silva wrote:
FYI,
https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-to...
Regards.
Pedro Igor
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev