Dell Data Protection Central 加密问题漏洞

Dell Data Protection Central is a suite of data protection solutions from Dell USA. The product provides single sign-on, dashboards, and system monitoring. A vulnerability exists in Dell Data Protection Central version 19.9 due to an encryption issue that stems from insufficient encryption...

GHSA-94HH-PJJG-RWMR Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime

Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...