jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-09-03T20:00:00
Updated: 2024-08-06T01:01:00.081Z
Reserved: 2016-06-10T00:00:00
Link: CVE-2016-5429
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-09-03T20:59:06.250
Modified: 2019-12-19T15:00:46.713
Link: CVE-2016-5429
Redhat
No data.