passEverything is awesome!

Scanned:

Microsoft.AspNetCore.Authentication.JwtBearer

latest

ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token. This package was built from the source code at https://github.com/dotnet/dotnet/tree/c2435c3e0f46de784341ac3ed62863ce77e117b4

License: Permissive (MIT)

Published:

See on NuGet

SAFE Assessment

Compliance

Licenses

No license compliance issues

Secrets

No sensitive information found

Security

Vulnerabilities

No known vulnerabilities detected

Hardening

No application hardening issues

Threats

Tampering

No evidence of software tampering

Malware

No evidence of malware inclusion

Popularity

1.03B

Total Downloads

Contributors

Declared Dependencies

4.59k

Dependents

Top issues

See all issues

Problem

Digital signatures are applied to applications, packages and documents as a cryptographically secured authenticity record. Signatures verify the origin and the integrity of the object they apply to. The integrity validation relies on the cryptographic strength of the encryption and the hash verification algorithm. If either of the two is considered weak by current standards, there is a chance the signed object could be maliciously modified, without triggering the integrity failure check.

Prevalence in NuGet community

100 packages

found in

Top 100

899 packages

found in

Top 1k

8997 packages

found in

Top 10k

755.66k packages

in community

Next steps

Create signatures with strong ECC key-length of at least 224 bits, or RSA key-length of at least 2048 bits, and use SHA256 as the hashing algorithm. While encryption key-length upgrade does require you to obtain a new certificate, the hashing algorithm can freely be selected during signing.

With Microsoft SignTool, you can specify the hashing algorithm using the /fd SHA256 parameter.

Problem

Digital signatures are applied to applications, packages and documents as a cryptographically secured authenticity record. Signatures are made using digital certificates, which can either be purchased from certificate authorities or be self-issued. When a certificate is purchased from a certificate authority, the subject that requests it goes through an identity validation process. Depending on the certificate type, those checks can be basic or extended. Confirming the subject identity is a multi-step process, and the requesting subject can be mapped to its legal entity name only through extended validation of submitted documents. Extended identity validation typically costs more, and it takes longer for a certificate to be issued when this process is correctly followed.

Prevalence in NuGet community

100 packages

found in

Top 100

898 packages

found in

Top 1k

8984 packages

found in

Top 10k

754.38k packages

in community

Next steps

Top 10k

756.66k packages

in community

Top vulnerabilities

No vulnerabilities found.

FAQ for Microsoft.AspNetCore.Authentication.JwtBearer

What is Microsoft.AspNetCore.Authentication.JwtBearer?

Is Microsoft.AspNetCore.Authentication.JwtBearer malicious or is it safe to use?

The .NET package Microsoft.AspNetCore.Authentication.JwtBearer was scanned for malware, software tampering, risky behaviors, exposed secrets and known vulnerabilities. No risks were detected, therefore, this version of the package is currently considered as safe to use.

Is Microsoft.AspNetCore.Authentication.JwtBearer popular?

The .NET package Microsoft.AspNetCore.Authentication.JwtBearer ranks among the top 1000 projects in this community. It has 1B recorded downloads. A package's popularity is not a good indicator of its safety, visit the SAFE Assessment section to see the full analysis of package deployment risk categories.

How do I secure Microsoft.AspNetCore.Authentication.JwtBearer once it is in my app?

Since we can't know when or where malicious attacks will happen, we recommend tracking how Microsoft.AspNetCore.Authentication.JwtBearer behaviors change over multiple software releases. By adopting differential analysis in your release process, you can detect unexpected changes to a Microsoft.AspNetCore.Authentication.JwtBearer version, which can prevent advanced software supply chain attacks. Read how our technology can help prevent future attacks similar to SolarWinds and 3CX.

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.

This website uses cookies to ensure the best website experience. By continuing to use this website you are giving your consent to cookies being used. Detailed information about our use of cookies is here.

Popularity

1.03B

Total Downloads

Contributors

Declared Dependencies

4.59k

Dependents

Top issues

See all issues

Problem

Prevalence in NuGet community

100 packages

found in

Top 100

899 packages

found in

Top 1k

8997 packages

found in

Top 10k

755.66k packages

in community

Next steps

With Microsoft SignTool, you can specify the hashing algorithm using the /fd SHA256 parameter.

Problem

Prevalence in NuGet community

100 packages

found in

Top 100

898 packages

found in

Top 1k

8984 packages

found in

Top 10k

754.38k packages

in community

Next steps

756.66k packages

in community

Top vulnerabilities

No vulnerabilities found.

Microsoft.AspNetCore.Authentication.JwtBearer

SAFE Assessment

Compliance

Security

Threats

Popularity

Top issues

SQ20119Detected digital signatures that rely on a weak digest algorithm for integrity validation.signatures

Problem

Prevalence in NuGet community

Next steps

SQ20121Detected digital signatures that have not been performed with an extended validation certificate.signatures

Problem

Prevalence in NuGet community

Next steps

Top behaviors

Decodes data using the Base64 algorithm.packer

Prevalence in NuGet community

Contains IP addresses.network

Prevalence in NuGet community

Contains URLs.network

Prevalence in NuGet community

Connects through HTTP.network

Prevalence in NuGet community

Contains patterns identifying the constants related to the SHA-256 hash function, from the SHA-2 hash family.signature

Prevalence in NuGet community

Top vulnerabilities

FAQ for Microsoft.AspNetCore.Authentication.JwtBearer

What is Microsoft.AspNetCore.Authentication.JwtBearer?

Is Microsoft.AspNetCore.Authentication.JwtBearer malicious or is it safe to use?

Is Microsoft.AspNetCore.Authentication.JwtBearer popular?

How do I secure Microsoft.AspNetCore.Authentication.JwtBearer once it is in my app?

Did you know...

Popularity

Top issues

SQ20119Detected digital signatures that rely on a weak digest algorithm for integrity validation.signatures

Problem

Prevalence in NuGet community

Next steps

SQ20121Detected digital signatures that have not been performed with an extended validation certificate.signatures

Problem

Prevalence in NuGet community

Next steps

Top behaviors

Decodes data using the Base64 algorithm.packer

Prevalence in NuGet community

Contains IP addresses.network

Prevalence in NuGet community

Contains URLs.network

Prevalence in NuGet community

Connects through HTTP.network

Prevalence in NuGet community

Contains patterns identifying the constants related to the SHA-256 hash function, from the SHA-2 hash family.signature

Prevalence in NuGet community

Top vulnerabilities