[keycloak-dev] Critical vulnerabilities in JSON Web Token libraries
Stian Thorgersen
stian at redhat.com
Tue Apr 7 02:55:49 EDT 2015
Interesting attack, especially using the public key as hmac secret. Definitively worth considering if/when we add support for more algs ;)
----- Original Message -----
> From: "Pedro Igor Silva" <psilva at redhat.com>
> To: "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Thursday, 2 April, 2015 8:54:17 PM
> Subject: [keycloak-dev] Critical vulnerabilities in JSON Web Token libraries
>
> FYI,
>
> https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
>
> Regards.
> Pedro Igor
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list