[
https://issues.apache.org/jira/browse/JAMES-2053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tellier Benoit closed JAMES-2053.
---------------------------------
> Check that we don't accept JWT tokens with a None algorithm
> -----------------------------------------------------------
>
> Key: JAMES-2053
> URL: https://issues.apache.org/jira/browse/JAMES-2053
> Project: James Server
> Issue Type: Bug
> Components: JMAP, webadmin
> Reporter: Tellier Benoit
> Assignee: Antoine Duprat
>
> We should check that we don't accept JWT tokens with a None algorithm, i.e.
> without verifying the signature.
> See
> https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
> for this security flaw.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
