Authentication Bypass in Try Mode

Module: hapi-auth-jwt2

Published: January 28th, 2016

Reported by: Alan Shaw

CVE-NONE

CWE-

Vulnerable: 5.1.1
Patched: >=5.1.2

Overview

When attempting to allow authentication mode try in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.

Remediation

Upgrade to version 5.1.2 or greater.

References

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo