snowatlas
commented
1 year ago Hi, i'd like to work one this issue , if i understand i must verify that ECDSA signature with r!=0 and s!=0, and if r=s=0 so this the signature isn't accepted .
Open kingthorin opened 2 years ago
snowatlas
commented
1 year ago Hi, i'd like to work one this issue , if i understand i must verify that ECDSA signature with r!=0 and s!=0, and if r=s=0 so this the signature isn't accepted .
preetkaran20
commented
1 year ago Hi @snowatlas ,
Great !!!. Yes you are right. We need to inject the payloads where r and s are 0 for ECDSA.
thanks, Karan
Is your feature request related to a problem? Please describe. It would be great if the JWT add-on could check for JWT issues related to CVE-2022-21449.
Describe the solution you'd like Implement a scan rule/check that can detect something similar to: https://twitter.com/christophetd/status/1516878071785467904
Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449)
Describe alternatives you've considered N/A
Would you like to help fix this issue? Not at this time.
Additional context Nothing further.