CVE-2024-25190
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-25190 refers to a vulnerability in l8w8jwt version 2.2.1, where its use of memcmp for authentication verification is not constant time. This issue creates a timing side channel, making it simpler for attackers to bypass the authentication process by exploiting the variance in execution time. The security implication is that unauthorized access to protected systems or applications may occur, leading to potential data breaches or unintended system modifications. Users are advised to upgrade to the latest version or implement alternative authentication methods to mitigate this risk.
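The side channel described in the summary, as an added example that is not l8w8jwt's code or its fix: an early-exit comparison shaped like a typical memcmp loop beside a constant-time comparison, with the number of bytes examined standing in for execution time. The function names, the result struct and the 8-byte sample values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Result of a comparison plus the number of bytes examined, which
   stands in for execution time in this model. */
struct cmp_result { int equal; size_t steps; };

/* Early-exit comparison, the shape of a typical memcmp loop. */
static struct cmp_result leaky_equal(const unsigned char *a,
                                     const unsigned char *b, size_t n)
{
    struct cmp_result r = { 1, n };
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {          /* stops at the first mismatch */
            r.equal = 0;
            r.steps = i + 1;
            break;
        }
    }
    return r;
}

/* Constant-time comparison: reads every byte and ORs the differences,
   so the work done does not depend on where the inputs differ. */
static struct cmp_result ct_equal(const unsigned char *a,
                                  const unsigned char *b, size_t n)
{
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    struct cmp_result r = { diff == 0, n };
    return r;
}

/* Constructed sample values, not real signatures. */
static const unsigned char EXPECTED[8]    = {0x3a,0x91,0x5c,0x07,0xe2,0x4d,0xb8,0x16};
static const unsigned char WRONG_FIRST[8] = {0x00,0x91,0x5c,0x07,0xe2,0x4d,0xb8,0x16};
static const unsigned char WRONG_LAST[8]  = {0x3a,0x91,0x5c,0x07,0xe2,0x4d,0xb8,0x00};

int main(void)
{
    printf("leaky: %zu vs %zu bytes examined\n",
           leaky_equal(EXPECTED, WRONG_FIRST, 8).steps,
           leaky_equal(EXPECTED, WRONG_LAST, 8).steps);
    printf("ct:    %zu vs %zu bytes examined\n",
           ct_equal(EXPECTED, WRONG_FIRST, 8).steps,
           ct_equal(EXPECTED, WRONG_LAST, 8).steps);
    return 0;
}
```

The early-exit version does work proportional to the length of the matching prefix, while the constant-time version does the same work for every rejected input of a given length.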