Vulnerabilities > Jose PHP Project

DATE CVE VULNERABILITY TITLE RISK
2016-09-03 CVE-2016-5430 Information Exposure vulnerability in Jose-PHP Project Jose-PHP
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
network
low complexity
jose-php-project CWE-200
5.0
2016-09-03 CVE-2016-5429 Information Exposure vulnerability in Jose-PHP Project Jose-PHP
jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.
4.3