-
Notifications
You must be signed in to change notification settings - Fork 0
/
vulns.yml
65 lines (54 loc) · 3.17 KB
/
vulns.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
- date: 2020-04-20
title: Auth0 alg=nonE
description: TODO
url: https://insomniasec.com/blog/auth0-jwt-validation-bypass
added_retroactively: yes
- date: 2020-07-30
title: DP3T contact tracing project
description: The DP3T Coronavirus tracing project had a vulnerability in its backend accepting unsigned JWT tokens with signature algorithm=none. <a href="https://mrsuicideparrot.github.io/security/2020/07/30/CVE-2020-15957.html">Write-up here.</a>
library: jjwt
- date: 2020-08-24
title: Marvel's Avengers
description: The "Marvel's Avengers" videogame <a href="https://krystalgamer.github.io/avengers-emulator/">accepts alg=none tokens in API login responses</a><br>(and completely ignores signatures as well, for good measure).
- date: 2020-10-20
title: UK contact tracing app
description: The UK NHS COVID-19 contact tracing app for Android was accepting <br>alg=none tokens in venue check-in QR codes. <a href="https://www.zofrex.com/blog/2020/10/20/alg-none-jwt-nhs-contact-tracing-app/">Write-up here.</a>
library: jjwt
- date: 2021-04-17
description: TODO
url: https://github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x
added_retroactively: yes
project: Portofino
library: jjwt
- date: 2021-04-17
description: TODO
url: https://github.com/grassrootza/grassroot-platform/security/advisories/GHSA-f65w-6xw8-6734
added_retroactively: yes
project: grassroot-platform
library: jjwt
- date: 2021-05-21
description: TODO
url: https://github.com/fxbin/bubble-fireworks/security/advisories/GHSA-hj36-84cp-29pr
added_retroactively: yes
project: bubble-fireworks
library: jjwt
- date: 2021-05-25
title: Apache Pulsar
description: Apache Pulsar <a href="https://www.openwall.com/lists/oss-security/2021/05/25/4">accepted alg=none tokens</a> if it was configured to authenticate clients via JWT.
- date: 2021-07-26
title: NIMBLE logistics platform
description: The NIMBLE supply chain & logistics platform was <a href="https://github.com/nimble-platform/common/security/advisories/GHSA-fjq8-896w-pv28">accepting alg=none tokens</a> for user authentication and authorisation.
library: jjwt
- date: 2022-01-29
title: Conecte SUS
url: https://twitter.com/conradoplg/status/1487503344830668805
description: Conecte SUS, the official app of the Brazilian Ministry of Health, <a href="https://twitter.com/conradoplg/status/1487503344830668805">does not validate JWT signatures when validating vaccine certificates offline</a>. It doesn't accept alg=none, but it might as well.
- date: 2022-12-21
title: jsonwebtoken library
url: https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
description: |
The jsonwebtoken library <a href="https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6">would accept alg: none tokens as valid</a> before version 9.0.0.
- date: 2023-09-25
title: SharePoint 2019
url: https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/
description: An unauthenticated attacker could <a href="https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/">impersonate any user in SharePoint 2019</a> by using an alg:none JWT for OAuth authentication.