3 matches found
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the AesCbcHmacSha2Decryptor.doFinal function, which effectively skips authentication by comparing the computed authentication tag with itself rather than with the received tag, for A128CBC-HS256, A192CBC-HS384...
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
Extraneous SSH Public Keys added to Authorized Keys file on Linux VM
None None...