16 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2687

Malicious code in bioql PyPI...

7.5 CVSS · 7.2 AI score · 0.00167 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2025/08/26 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-31582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. CVE-2023-31582 Note that Nessus relies on the presence of the package as...

7.5 CVSS · 6.9 AI score · 0.00167 EPSS
Exploits 0 · References 2

RedHat Linux
added 2024/01/10 6:38 p.m. · 3 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1 CVSS · 7.1 AI score · 0.00916 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/01/10 3:42 p.m. · 3 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1 CVSS · 7.1 AI score · 0.00916 EPSS
Exploits 0 · References 5

RedHat Linux
added 2023/12/06 7:3 p.m. · 6 views

jose4j: Insecure iteration count setting

A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure...

7.5 CVSS · 7.3 AI score · 0.00167 EPSS
Exploits 0 · References 6

SUSE CVE
added 2023/10/27 12:56 a.m. · 2 views

SUSE CVE-2023-31582

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

3.1 CVSS · 8.9 AI score · 0.00167 EPSS
Exploits 0 · References 4

RedhatCVE
added 2023/10/26 6:27 p.m. · 92 views

CVE-2023-31582

A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure. Mitigation: No mitigation is currently available for this flaw...

6.8 CVSS · 6.6 AI score · 0.00167 EPSS
Exploits 0 · References 5

OSV
added 2023/10/25 6:32 p.m. · 1 views

GHSA-7G24-QG88-P43Q jose4j uses weak cryptographic algorithm

jose4j before v0.9.3 allows attackers to set a low PBES2 iteration count of 1000 or less...

7.5 CVSS · 6.9 AI score · 0.00167 EPSS
Exploits 0 · References 5

NVD
added 2023/10/25 6:17 p.m. · 18 views

CVE-2023-31582

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

7.5 CVSS · 7.6 AI score · 0.00167 EPSS
Exploits 0 · References 2

OSV
added 2023/10/25 6:17 p.m. · 2 views

DEBIAN-CVE-2023-31582

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

7.5 CVSS · 7 AI score · 0.00167 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-31582

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

7.5 CVSS · 7 AI score · 0.00167 EPSS
Exploits 0 · References 3

Prion
added 2023/10/25 6:17 p.m. · 36 views

Design/Logic Flaw

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

5 CVSS · 7.5 AI score · 0.00167 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/10/25 6:17 p.m. · 0 views

UBUNTU-CVE-2023-31582

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

7.5 CVSS · 6.9 AI score · 0.00167 EPSS
Exploits 0 · References 4

CNNVD
added 2023/10/25 12:0 a.m. · 1 views

jose4j Security Feature Issue Vulnerability

jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK), open sourced from Bitbucket. A security vulnerability exists in versions of jose4j prior to v0.9.3 that stems from allowing an attacker to set a low...

7.5 CVSS · 6.6 AI score · 0.00167 EPSS
Exploits 0 · References 7

CVE
added 2023/10/24 12:0 a.m. · 131 views

CVE-2023-31582

CVE-2023-31582 is covered by a connected document that provides concrete technical details. The Jose4J library (affected component) versions before 0.9.3 are vulnerable to setting a very low iteration count (1000 or less) in cryptographic operations. The linked IBM/ADX bulletin notes the vulnerabi...

7.5 CVSS · 7.3 AI score · 0.00167 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/01/20 12:0 a.m. · 4 views

PT-2023-8391 · Jose4J · Jose4J

Name of the Vulnerable Software and Affected Versions: jose4j versions prior to 0.9.3. Description: The issue is related to the use of an algorithm that provides insufficient entropy. This allows attackers to set a low iteration count of 1000 or less, potentially enabling them to bypass security...

7.8 CVSS · 6.9 AI score · 0.00167 EPSS
Exploits 0 · References 67