ID:8751 - Exploit for Use of a broken or risky cryptographic algorithm in node-jsonwebtoken - CVE-2022-23540

 

Published: January 19, 2023


Vulnerability identifier: #VU71182
Vulnerability risk: High
CVE-ID: CVE-2022-23540
CWE-ID: CWE-327
Exploitation vector: Remote access
Vulnerable software:
node-jsonwebtoken


Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an insecure default algorithm in jwt.verify(). A remote attacker can cause a signature validation bypass.


Remediation

Install updates from the vendor's website.