
Security Release CVE-2016-6298

@simo5 simo5 released this 31 Aug 19:47

The jwcrypto implementation of the RSA1_5 algorithm was found vulnerable to the Million Message Attack described in RFC 3128.

A timing attack could be leveraged against the implementation to detect whether a chosen ciphertext decrypts to a valid header and padding: an invalid header or padding raised a code exception, the remaining cryptographic operations were terminated early, and the resulting faster processing was measurable over the network.
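To show the difference between the vulnerable behaviour and the countermeasure, here is an added Python example (not jwcrypto's own code) that models the unpadding step on an already RSA-decrypted block: the first version raises as soon as a check fails, while the hardened version evaluates every check and falls back to a random content key, so a malformed block is never signalled to the caller and only surfaces later as a content-decryption failure. The block layout, key length and sample values are assumptions made for the demo, and the point is the absence of an early exit, not true constant time in Python.

```python
import os

def _parse_pkcs1_v15(em: bytes, cek_len: int):
    """Parse an RSA-decrypted block laid out as 0x00 0x02 PS 0x00 CEK.
    Every check is evaluated and folded into `ok`; nothing returns early and
    nothing raises, so the work done does not depend on where the block is bad."""
    k = len(em)
    sep = -1
    for i in range(2, k):                       # first 0x00 after the header
        if em[i] == 0 and sep == -1:
            sep = i
    ok = (k >= 11) & (em[:1] == b"\x00") & (em[1:2] == b"\x02")
    ok = ok & (sep >= 10) & ((k - sep - 1) == cek_len)   # >= 8 padding bytes
    return ok, (em[sep + 1:] if ok else b"")

def decrypt_cek_vulnerable(em: bytes, cek_len: int) -> bytes:
    """Pre-fix pattern: raise as soon as a check fails. The exception aborts
    the remaining work, so the response time depends on which check failed."""
    if em[:2] != b"\x00\x02":
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:
        raise ValueError("bad padding")
    if len(em) - sep - 1 != cek_len:
        raise ValueError("bad length")
    return em[sep + 1:]

def decrypt_cek_hardened(em: bytes, cek_len: int) -> bytes:
    """Countermeasure: never signal a padding failure. A random CEK is drawn
    on every call and used when the block is bad, so the failure surfaces
    later as a content-decryption error, just like any wrong ciphertext."""
    ok, cek = _parse_pkcs1_v15(em, cek_len)
    fallback = os.urandom(cek_len)              # always generated, same cost
    return cek if ok else fallback

def make_em(cek: bytes, k: int) -> bytes:
    """Build a well-formed k-byte block for the demo (constructed sample data)."""
    ps = bytes(range(1, k - len(cek) - 2))      # nonzero padding string
    return b"\x00\x02" + ps + b"\x00" + cek

def vulnerable_outcome(em: bytes, cek_len: int):
    """Report what the vulnerable path does with a given block."""
    try:
        return "valid", decrypt_cek_vulnerable(em, cek_len)
    except ValueError as exc:
        return str(exc), None
```

Calling `vulnerable_outcome` on a block with a corrupted header versus one with a wrong key length shows the distinct exceptions the old path produced, whereas `decrypt_cek_hardened` returns a 16-byte key either way.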

Many thanks to Dennis Detering dennis.detering@rub.de for discovering and reporting this vulnerability.