RSS   Vulnerabilities for 'Jose-php'   RSS

2016-09-03
 
CVE-2016-5430

 

 
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).

 
 
CVE-2016-5429

 

 
jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.

 

 >>> Vendor: GREE 8 Products
GREE
Haconiwa
Kaizokuoukoku columbus
Monpura
Seisen cerberus
Tanken dorirando
Tsurisuta
Jose-php


Copyright 2019, cxsecurity.com

 

Back to Top