CVE-2016-10525: Improper Authentication

February 18, 2019 (updated September 15, 2021)

When attempting to allow authentication mode try in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.

References

github.com/advisories/GHSA-mg8r-9g6j-hwv9
github.com/dwyl/hapi-auth-jwt2/issues/111
github.com/dwyl/hapi-auth-jwt2/pull/112
nodesecurity.io/advisories/81
nvd.nist.gov/vuln/detail/CVE-2016-10525
www.npmjs.com/advisories/81

Code Behaviors & Features

Detect and mitigate CVE-2016-10525 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →