The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
Metrics
Affected Vendors & Products
References
History
Fri, 01 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Latchset
Latchset jwcrypto |
|
CPEs | cpe:2.3:a:latchset:jwcrypto:*:*:*:*:*:*:*:* | |
Vendors & Products |
Jwcrypto Project
Jwcrypto Project jwcrypto |
Latchset
Latchset jwcrypto |
Metrics |
cvssV3_0
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-09-01T23:00:00
Updated: 2024-08-06T01:22:20.877Z
Reserved: 2016-07-26T00:00:00
Link: CVE-2016-6298
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-09-01T23:59:01.160
Modified: 2024-11-01T14:36:23.500
Link: CVE-2016-6298
Redhat
No data.