MEDIUM🇬🇧 English

CVE-2016-6298

CVSS 5.3v3.1pub. 2016-09-01upd. 2026-05-06

The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Latchset Jwcrypto

    APP
    Latchset
    < 0.3.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-39373MEDIUM5.3ten sam produkt

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthentic...

CVE-2024-28102MEDIUM6.8ten sam produkt

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an att...

CVE-2023-6681MEDIUM5.3ten sam produkt

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack ...

CVE-2023-50967HIGH7.5ten sam vendor

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p...

CVE-2023-6258HIGH8.1ten sam vendor

A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Crypt...