jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
References
Link | Resource |
---|---|
https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then | Issue Tracking |
https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md | Third Party Advisory |
Configurations
History
31 Oct 2023, 15:18
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md - Third Party Advisory | |
References | (MISC) https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then - Issue Tracking | |
CPE | cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:* | |
First Time |
Jose4j Project jose4j
Jose4j Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-331 |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-02-28 20:33
NVD link : CVE-2023-31582
Mitre link : CVE-2023-31582
CVE.ORG link : CVE-2023-31582
JSON object : View
Products Affected
jose4j_project
- jose4j
CWE
CWE-331
Insufficient Entropy