The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
oryginał ENCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NLatchset Jwcrypto
APPLatchset< 0.3.2
Powiązane podatności
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthentic...
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an att...
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack ...
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p...
A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Crypt...