Authentication Bypass in Try Mode

Module: hapi-auth-jwt2

Published: January 28th, 2016

Reported by: Alan Shaw

CVE-NONE

CWE-287

Vulnerable: 5.1.1
Patched: >=5.1.2

Overview

Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode.

Remediation

Update to version 5.1.2 or later.

References

Issue #111 PR #112