Information Exposure Affecting jwcrypto package, versions [,0.3.2)
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Threat Intelligence
EPSS
0.17% (54th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-JWCRYPTO-40404
- published 31 Aug 2016
- disclosed 31 Aug 2016
- credit Simo Sorce
Introduced: 31 Aug 2016
CVE-2016-6298 Open this link in a new tabOverview
jwcrypto
is a Implementation of JOSE Web standards
The Rsa15
class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).