Veryfyer - Email Verification and Validation Service - Veryfyer | Email List Cleaning & Verification

Author

Changes by Security Team

All changelog entries authored by Security Team.

March 1, 2024

Critical Security Patch: JWT Signing Algorithm Vulnerability

Security Bug Fixes Security Jwt Bug Fix

A critical security vulnerability was discovered in our JWT signing implementation. This patch fixes the issue where certain edge cases could allow token forgery under specific conditions.

Security impact:

Severity: High
CVSS Score: 8.3
Affected versions: 2.0.0 - 2.4.3

Fix details:

Updated RSA key validation logic
Enhanced signature verification
Improved error handling in token parsing

All users running affected versions must update immediately to ensure secure authentication.

January 15, 2024

Bug Fix: Rate Limiting Bypass Vulnerability

Security Bug Fixes Security Bug Fix Api

We've identified and fixed a security vulnerability in our rate limiting implementation that could allow bypass under certain conditions.

Issue details:

Rate limits could be bypassed using custom X-Forwarded-For headers
Affected endpoints: /auth/login, /auth/register, /auth/password-reset
Impact: Potential brute force attacks

Fix summary:

Enhanced header validation
Improved IP extraction logic
Added additional safeguards for proxy detection

Update to version 2.4.4 or later to ensure proper rate limiting protection.