Tomcat OpenID plugin authentication bypass

Claire details ERNW's finding that a Tomcat OpenID authenticator accepts JWTs with unknown signature algorithms.

Play episode from 07:13

Transcript

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!