Nurturing Palpable Magnificence
hapi-auth-jwt2

Authentication Bypass

Severity: critical

Overview

Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode.

Remediation

Update to version 5.1.2 or later.

Vulnerable versions

5.1.1
3 years ago

Unaffected versions

1.0.1
3 years ago
1.0.2
3 years ago
1.0.3
3 years ago
1.0.4
3 years ago
1.0.5
3 years ago
1.0.7
3 years ago
1.0.8
3 years ago
1.0.9
3 years ago
2.0.0
3 years ago
2.0.1
3 years ago
3.0.0
3 years ago
3.0.1
3 years ago
3.1.1
3 years ago
3.2.1
3 years ago
4.0.1
3 years ago
4.0.2
3 years ago
4.0.3
3 years ago
4.2.0
3 years ago
4.2.1
3 years ago
4.2.2
3 years ago
4.3.0
3 years ago
4.3.1
3 years ago
4.3.2
3 years ago
4.3.3
3 years ago
4.3.4
3 years ago
4.4.0
3 years ago
4.4.1
3 years ago
4.5.0
3 years ago
4.6.0
3 years ago
4.7.0
3 years ago
4.7.1
3 years ago
4.7.2
3 years ago
4.8.0
3 years ago
4.8.1
3 years ago
4.9.0
3 years ago
5.0.0
3 years ago
5.0.1
3 years ago
5.0.2
3 years ago
5.0.3
3 years ago
5.0.4
3 years ago
5.0.6
3 years ago
5.0.7
3 years ago
5.1.0
3 years ago
5.1.2
3 years ago
5.1.3
3 years ago
5.2.0
3 years ago
5.2.1
3 years ago
5.3.0
3 years ago
5.3.1
3 years ago
5.3.2
3 years ago
5.4.0
3 years ago
5.4.1
3 years ago
5.7.0
2 years ago
5.8.0
2 years ago
6.0.0
2 years ago
7.0.0
2 years ago
7.0.1
2 years ago
7.1.0
2 years ago
7.1.1
2 years ago
7.1.2
2 years ago
7.1.3
2 years ago
7.2.0
2 years ago
7.2.1
2 years ago
7.2.2
2 years ago
7.2.3
2 years ago
7.2.4
2 years ago
7.3.0
a year ago
7.4.0
7 months ago
7.4.1
7 months ago
8.0.0
6 months ago
8.0.1
5 months ago
8.1.0
4 months ago

Advisory timeline

  1. Published

    Advisory published
    Jan 28th, 2016
  2. Reported

    Initial report by Alan Shaw
    Jan 28th, 2016