1 results (0.007 seconds)
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31582 – jose4j: Insecure iteration count setting
https://notcve.org/view.php?id=CVE-2023-31582
24 Oct 2023 — jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. jose4j anterior a v0.9.3 permite a los atacantes establecer un recuento bajo de iteraciones de 1000 o menos. A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure. • https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then • CWE-331: Insufficient Entropy •