CVE-2017-18239
Description
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authentikat-jwt <=0.4.5 uses a non-constant-time string comparison for JWT signatures, allowing an attacker to perform a timing side-channel attack to forge tokens.
Vulnerability
The JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala of authentikat-jwt (com.jason-goodwin/authentikat-jwt) versions 0.4.5 and earlier performs a time-sensitive equality check when comparing the JWT signature [1][2]. Instead of using a constant-time string comparison, the implementation returns early as soon as a mismatched byte is encountered, enabling a timing side-channel attack [3]. This vulnerability affects all versions up to and including 0.4.5.
Exploitation
An attacker who is able to supply a crafted JWT token to a service using this library can repeatedly submit validation requests and measure the response time [1]. By observing slight timing differences, the attacker can incrementally guess each bit or character of the correct HMAC signature or private key [3]. No authentication or special network position is required beyond being able to send tokens to a validating endpoint that returns timing information, either directly or through observable side effects.
Impact
Successful exploitation allows the attacker to recover the secret key used for signing JWT tokens [3]. With the key, the attacker can forge arbitrary valid tokens, leading to complete authentication bypass and unauthorized access to any resource or action protected by JWT verification [2]. This results in a full compromise of confidentiality, integrity, and availability of the affected system.
Mitigation
The project maintainer recommended updating to version 0.4.5, but that version still contains this timing vulnerability [1]. The pull request #36 on GitHub introduces constant-time string comparison to fix the issue, but as of the advisory, no patched release has been published [1][2]. The project is not actively maintained, and the author explicitly recommends migrating to a more mature and well-supported JWT library for production use [2]. No workaround is documented in the references; the only reliable mitigation is to replace authentikat-jwt with an actively maintained alternative.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.jason-goodwin:authentikat-jwt_2.12Maven | < 0.4.6 | 0.4.6 |
Affected products
2- Range: <=0.4.5
Patches
12d2fa0d40ac8Use constant-time string comparison for sigs
1 file changed · +1 −1
src/main/scala/authentikat/jwt/JsonWebToken.scala+1 −1 modified@@ -84,7 +84,7 @@ object JsonWebToken extends JsonMethods { val signature = encodeBase64URLSafeString( JsonWebSignature(header.algorithm.getOrElse("none"), providedHeader + "." + providedClaims, key)) - providedSignature.contentEquals(signature) + java.security.MessageDigest.isEqual(providedSignature.getBytes(), signature.getBytes()) case _ ⇒ false }
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-3rhm-67j6-42jqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-18239ghsaADVISORY
- github.com/jasongoodwin/authentikat-jwt/commit/2d2fa0d40ac8f2f7aa7e9b070fa1a25eee082cb0ghsax_refsource_MISCWEB
- github.com/jasongoodwin/authentikat-jwt/issues/12ghsax_refsource_MISCWEB
- github.com/jasongoodwin/authentikat-jwt/pull/36ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.