The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
History

Fri, 01 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Latchset
Latchset jwcrypto
CPEs cpe:2.3:a:jwcrypto_project:jwcrypto:*:*:*:*:*:*:*:* cpe:2.3:a:latchset:jwcrypto:*:*:*:*:*:*:*:*
Vendors & Products Jwcrypto Project
Jwcrypto Project jwcrypto
Latchset
Latchset jwcrypto
Metrics cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-09-01T23:00:00

Updated: 2024-08-06T01:22:20.877Z

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6298

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2016-09-01T23:59:01.160

Modified: 2024-11-01T14:36:23.500

Link: CVE-2016-6298

cve-icon Redhat

No data.