Описание
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
- Issue TrackingVendor Advisory
- Issue TrackingPatch
- PatchVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
- Issue TrackingVendor Advisory
- Issue TrackingPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.3.2 (исключая)
cpe:2.3:a:latchset:jwcrypto:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00365
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.3
ubuntu
больше 9 лет назад
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
CVSS3: 5.3
debian
больше 9 лет назад
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in ...
CVSS3: 5.3
github
больше 3 лет назад
jwcrypto lacks the Random Filling protection mechanism
EPSS
Процентиль: 58%
0.00365
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200