logo

Database

Insecure encryption algorithm In libjose4j-java

Description

jose4j uses weak cryptographic algorithm jose4j before v0.9.3 allows attackers to set a low PBES2 iteration count of 1000 or less.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-315822. NVD-2023-315823. OSV-DEBIAN-2023-315824. OSV-2023-315825. GCVE-2023-315826. SECURITY-TRACKER-CVE-2023-31582

References

1. https://bitbucket.org/b_c/jose4j/commits/1929fe32. https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then3. https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.