CRITICAL🇵🇱 Wersja polska

CVE-2024-25189

CVSS 9.8v3.1pub. 2024-02-08upd. 2025-11-18

libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.

🤖 AI Analysis
How it works

The strcmp function terminates string comparison upon encountering the first difference, causing the operation execution time to depend on the number of matching characters at the beginning of the compared values. An attacker can measure server response time for successive authentication attempts to gradually guess the correct JWT token value character by character. This type of attack, known as timing side channel, allows effective bypass of the verification mechanism even without knowledge of the secret signing the token.

Impact

An unauthenticated remote attacker can bypass JWT-based authentication mechanism and gain unauthorized access to protected application resources, potentially leading to breach of confidentiality, integrity, and availability of data.

Mitigation & patch

Apply patches available from the vendor according to references. Debian Linux users should install the update described in the debian-lts-announce message from February 2024.

Who is affected

libjwt version 1.15.3 and libjwt packages available in Debian Linux (covered by Debian LTS announcement)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Debian

    OS
    Debian
    10.0
  • Libjwt

    APP
    Libjwt
    1.15.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki