The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-09-03T20:00:00
Updated: 2024-08-06T01:00:59.930Z
Reserved: 2016-06-10T00:00:00
Link: CVE-2016-5430
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-09-03T20:59:07.280
Modified: 2019-12-19T15:03:32.707
Link: CVE-2016-5430
Redhat
No data.