Red Hat Rumble: Cjose’s Comedy of Errors in AES GCM Decryption

Another ticklish vulnerability in Red Hat’s Cjose, a library handling JavaScript Object Signing and Encryption, has been discovered. This time, the AES GCM decryption’s tag length is at fault, adding another feather to Red Hat’s ‘patch it up’ cap.
