CVE-2016-6298: Million Messages Attack mitigation
RFC 3218 describes an oracle attack called Million Messages Attack against RSA with PKCS1 v1.5 padding. Depending on how JWEs are used, a server may become an Oracle, and the mitigation prescribed in RFC 3218 2.3.2 needs to be implemented.

Many thanks to Dennis Detering for his responsible disclosure and help verifying the mitigation approach.

Resolves #65
Signed-off-by: Simo Sorce <simo@redhat.com>
Closes #66
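The countermeasure the commit message points to, substituting a random key when the PKCS1 v1.5 padding check fails so that a padding failure looks like any other decryption failure, is sketched below as an added example; it is not code from this commit or from the project. The function names, the 16-byte key size, the HMAC used in place of the authenticated content cipher, and all sample blocks are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

CEK_LEN = 16  # assumed content-encryption key size for this example

def pkcs1_v15_unpad(em: bytes):
    """Payload of an EME-PKCS1-v1_5 block (00 02 PS 00 M), or None if malformed."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:  # PS needs at least 8 nonzero bytes; -1 means no separator
        return None
    return em[sep + 1:]

def unwrap_cek(em: bytes) -> bytes:
    """Always return CEK_LEN bytes; a padding failure yields a random key.
    Not constant-time: a real implementation must also avoid timing differences."""
    fallback = secrets.token_bytes(CEK_LEN)  # drawn before the padding is inspected
    cek = pkcs1_v15_unpad(em)
    if cek is None or len(cek) != CEK_LEN:
        return fallback
    return cek

def open_message(em: bytes, body: bytes, tag: bytes) -> str:
    """Stand-in for authenticated content decryption (HMAC replaces the AEAD)."""
    cek = unwrap_cek(em)
    expected = hmac.new(cek, body, hashlib.sha256).digest()
    # One outcome for every failure: bad padding and a wrong key look identical.
    return "ok" if hmac.compare_digest(expected, tag) else "decryption failed"

def make_block(cek: bytes, k: int = 32) -> bytes:
    """Constructed sample: what RSA decryption would return for a valid message."""
    return b"\x00\x02" + b"\xaa" * (k - 3 - len(cek)) + b"\x00" + cek

# Constructed inputs, not taken from the commit.
KEY = bytes(range(16))
BODY = b"constructed payload"
TAG = hmac.new(KEY, BODY, hashlib.sha256).digest()
GOOD = make_block(KEY)
BAD_PADDING = b"\x00\x01" + GOOD[2:]
WRONG_KEY = make_block(bytes(16))

if __name__ == "__main__":
    for name, em in (("good", GOOD), ("bad padding", BAD_PADDING), ("wrong key", WRONG_KEY)):
        print(name, "->", open_message(em, BODY, TAG))
```

The caller sees the same result for a malformed block and for a well-formed block carrying the wrong key, which is what removes the padding oracle.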