QwikSec

Security Database

CVE

CWE

Training

CVE-2020-15957

Published: Jul 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/dp-3T/dp3t-sdk-backend

x_refsource_MISC

https://github.com/DP-3T/dp3t-sdk-backend/compare/v1.0.4...v1.1.0

x_refsource_MISC

https://github.com/DP-3T/dp3t-sdk-backend/security/advisories/GHSA-5m5q-3qw2-3xf3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.