jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Jose4j Project
  • Jose4j

Configuration 1 [-]

cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:*
References
Link Resource
https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then Issue Tracking
https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-24T00:00:00

Updated: 2023-10-24T22:30:18.964347

Reserved: 2023-04-29T00:00:00

Link: CVE-2023-31582

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-10-25T18:17:27.777

Modified: 2023-10-31T15:18:04.017

Link: CVE-2023-31582

JSON object: View

cve-icon Redhat Information

No data.

CWE