CVE-2020-10244

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens...

JPaseto weak hash vulnerability

JPaseto is a Java library for creating and parsing Paseto . A weak hash vulnerability exists in JPaseto versions prior to 0.3.0. The vulnerability stems from the fact that JPaseto generates weak hashes when using v2.local tokens. No details of the vulnerability are provided at this time...

CVE-2020-10244

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens...

CVE-2020-10244

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens...

Information disclosure

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens...

CVE-2020-10244

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens...

CVE-2020-10244

CVE-2020-10244 focuses on JPaseto before 0.3.0, where the library generates weak hashes when using v2.local tokens. The underlying issue is a weak-hash implementation in this version of JPaseto, not a description of an exploit or affected configurations. The consequence is unclear in the provided...

Insecure Hashes

jpaseto is vulnerable to generating insecure hashes. The vulnerability exists because it has a flawed calculation of hashes using Blake2b.hash since the order of arguments passed to the hash function is wrong, resulting in weak or insecure hashes for v2.local tokens...