CVE-2022-21449 ("Psychic Signatures"): a vulnerability in Java JDK 15 to 18
that allows ECDSA signature verification (signatures based on elliptic curves) to be bypassed.
The rewritten Java EC code did not check that the signature values r and s lie in the range [1, n-1],
so an all-zero signature (r = 0, s = 0) is accepted as valid for any message under any public key.
Anything relying on the JDK's default ECDSA provider is affected (JWTs, SAML assertions, OIDC tokens, TLS handshakes using ECDSA);
the check was restored in the April 2022 Critical Patch Update (17.0.3, 18.0.1).
Ref:
- https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
- https://nitter.net/i/status/1516878071785467904
- https://nitter.net/tqbf/status/1516570590211153922?cursor=LBk2hoCz8f7K%2BIsqgoC90YK2%2BosqgICstaW9gowqJQISAAA%3D#r
- https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/