Vulnerability Description
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
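What the missing protection looks like in practice, as an added example (not jwcrypto's code): on a PKCS#1 v1.5 padding failure, the key-unwrap step substitutes a random content-encryption key, so the failure only surfaces at the later integrity check and looks like any other tampered token. It assumes the RSA private-key operation has already produced the encoded block `em`; the function names, the HMAC stand-in for the content integrity check and the sample blocks are constructed for illustration.

```python
import hashlib, hmac, os

class PaddingError(Exception):
    pass

def pkcs1_v15_unpad(em):
    """Strip EME-PKCS1-v1_5 padding: 0x00 0x02 PS (>= 8 nonzero bytes) 0x00 M."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise PaddingError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # covers "not found" (-1) and a PS shorter than 8 bytes
        raise PaddingError("bad separator")
    return em[sep + 1:]

def unwrap_vulnerable(em, cek_len):
    # Padding errors propagate, so a caller can tell them apart from other failures.
    return pkcs1_v15_unpad(em)

def unwrap_hardened(em, cek_len):
    # Random filling: always draw a fallback key, return it on any format or
    # length error. (Illustrative only; the unpad above is not constant-time.)
    fallback = os.urandom(cek_len)
    try:
        cek = pkcs1_v15_unpad(em)
    except PaddingError:
        return fallback
    return cek if len(cek) == cek_len else fallback

def outcome(unwrap, em, body, tag, cek_len=16):
    """What a remote caller could observe for one token."""
    try:
        cek = unwrap(em, cek_len)
    except PaddingError:
        return "padding-error"
    expected = hmac.new(cek, body, hashlib.sha256).digest()  # stand-in for the AEAD tag check
    return "ok" if hmac.compare_digest(expected, tag) else "auth-failure"

# Constructed sample data: a 64-byte encoded block wrapping a 16-byte key.
CEK = bytes(range(16))
BODY = b"constructed ciphertext"
TAG = hmac.new(CEK, BODY, hashlib.sha256).digest()
GOOD_EM = b"\x00\x02" + b"\xff" * 45 + b"\x00" + CEK
BAD_EM = b"\x00\x01" + GOOD_EM[2:]  # wrong block type, so the padding check fails

if __name__ == "__main__":
    for name, fn in (("vulnerable", unwrap_vulnerable), ("hardened", unwrap_hardened)):
        print(name, outcome(fn, GOOD_EM, BODY, TAG), outcome(fn, BAD_EM, BODY, TAG))
```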
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Latchset | Jwcrypto | < 0.3.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92729 (Broken Link, Third Party Advisory, VDB Entry)
- https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5 (Issue Tracking, Patch, Vendor Advisory)
- https://github.com/latchset/jwcrypto/issues/65 (Issue Tracking, Vendor Advisory)
- https://github.com/latchset/jwcrypto/pull/66 (Issue Tracking, Patch)
- https://github.com/latchset/jwcrypto/releases/tag/v0.3.2 (Patch, Vendor Advisory)
FAQ
What is CVE-2016-6298?
CVE-2016-6298 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartex...
How severe is CVE-2016-6298?
CVE-2016-6298 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-6298?
Check the references section above for vendor advisories and patch information. Affected products include: Latchset Jwcrypto.