npm

Severity: critical

Authentication Bypass

hapi-auth-jwt2

Overview

Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode.

Remediation

Update to version 5.1.2 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jan 28th, 2016
  2. reported

    Initial report by Alan Shaw
    Jan 28th, 2016