lcobucci jwt Weak Encryption Vulnerability

Vulnerability

A vulnerability exists in lcobucci jwt versions through 5.4.3: the JSON Web Signature (JWS) implementation accepts HMAC and RSA keys shorter than recommended security standards require. Shorter keys are easier to compromise, so this weakness can lead to serious vulnerabilities and potential attacks.

Impact

The weak keys can allow an attacker who compromises one to undermine the integrity of the tokens, potentially leading to unauthorized access or actions.
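The defensive counterpart to this advisory is to refuse keys below the JWS minimums before they are ever used to sign or verify. The block below is an added example written for this page, not code from lcobucci/jwt; it enforces the minimums RFC 7518 states (an HMAC key at least as long as the hash output, an RSA modulus of at least 2048 bits) and shows a small standard-library HS256 mint/verify round trip that runs the check on both sides. The function names, the convention of passing an RSA key as its integer modulus, and the sample keys are this example's own assumptions.

```python
"""Key-length checks for JWS algorithms, plus a minimal HS256 mint/verify
that refuses keys below the RFC 7518 minimums.

Added example; not lcobucci/jwt code and not its API. The minimums are
those RFC 7518 states: an HMAC key at least as long as the hash output
(section 3.2) and an RSA modulus of at least 2048 bits (section 3.3).
"""
import base64
import hashlib
import hmac
import json

# Minimum key size in bits per JWS algorithm (RFC 7518 sections 3.2 and 3.3).
MIN_KEY_BITS = {
    "HS256": 256, "HS384": 384, "HS512": 512,
    "RS256": 2048, "RS384": 2048, "RS512": 2048,
    "PS256": 2048, "PS384": 2048, "PS512": 2048,
}

_HASH = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def key_bits(alg, key):
    """Return the effective key length in bits.

    Assumption for this example: HMAC keys are given as bytes, RSA keys as
    the integer modulus n (its bit_length() is the key size).
    """
    if alg.startswith("HS"):
        if not isinstance(key, (bytes, bytearray)):
            raise TypeError("HMAC key must be bytes")
        return len(key) * 8
    if isinstance(key, int):
        return key.bit_length()
    raise TypeError("RSA key must be given as its integer modulus")


def check_key_length(alg, key):
    """Raise ValueError if the key is shorter than the RFC 7518 minimum;
    return the key length in bits otherwise."""
    if alg not in MIN_KEY_BITS:
        raise ValueError(f"unsupported alg {alg!r}")
    bits = key_bits(alg, key)
    if bits < MIN_KEY_BITS[alg]:
        raise ValueError(
            f"{alg} key is {bits} bits; minimum is {MIN_KEY_BITS[alg]} bits")
    return bits


def _b64url(data):
    # JWS uses unpadded base64url (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mint_hs(alg, key, claims):
    """Build a compact JWS with an HMAC alg, refusing weak keys first."""
    check_key_length(alg, key)
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, _HASH[alg]).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs(alg, key, token):
    """Verify a compact JWS and return its claims, or None on failure.

    The expected alg is fixed by the caller rather than read from the
    header, and the key-length check runs here too, so a weak key is
    rejected on the verifying side as well as the signing side.
    """
    check_key_length(alg, key)
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode("ascii"), _HASH[alg]).digest()
    # Constant-time comparison so the check does not leak signature bytes via timing.
    if not hmac.compare_digest(_b64url(expected), sig):
        return None
    pad = "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload + pad))


if __name__ == "__main__":
    # Constructed sample keys (not real secrets): 16 bytes is below the
    # HS256 minimum of 32 bytes; 32 bytes satisfies it.
    weak = b"0123456789abcdef"
    strong = b"0123456789abcdef0123456789abcdef"
    try:
        mint_hs("HS256", weak, {"sub": "alice"})
    except ValueError as exc:
        print("rejected:", exc)
    tok = mint_hs("HS256", strong, {"sub": "alice"})
    print("verified claims:", verify_hs("HS256", strong, tok))
```

Running the block rejects the 16-byte key with a message naming the shortfall and then mints and verifies a token under the 32-byte key. In a real deployment the same check belongs wherever a key is loaded from configuration, so a short secret fails at startup rather than after tokens have already been issued.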

Added: Jul 31, 2025, 8:22 PM
Updated: Jul 31, 2025, 9:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.