4 matches found
CVE-2021-29446
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29446
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29446
CVE-2021-29446 affects the npm package jose-node-cjs-runtime. In versions before 3.11.4, decryption of AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) could leak timing information because HMAC verification and CBC decryption might run in sequence even on a failed path, creating a...
CVE-2021-29446 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...