
CVE-2017-12973

Improper Validation of Integrity Check Value

Published: Aug 20, 2017 | Modified: Oct 03, 2019

CVSS 3.x: 3.1 LOW (Source: NVD)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.x: 4.3 MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

Weakness

The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
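The description above says the vulnerable versions went on working after an invalid HMAC had been detected in authenticated AES-CBC decryption, and the weakness text says what that amounts to: an integrity check whose result is not acted on. The following is an added example, written for this page in Go rather than taken from the Nimbus JOSE+JWT library (which is Java), of the ordering a defender wants: it implements the JWE A128CBC-HS256 construction as RFC 7518 section 5.2 specifies it (MAC_KEY is the first 16 key bytes, ENC_KEY the last 16, the tag is HMAC-SHA256 over AAD || IV || ciphertext || AL truncated to 16 bytes), compares the tag in constant time, and refuses to touch the ciphertext or its padding when the tag does not match. All key, IV and header values are constructed test data; every failure path returns the same single error so that tag mismatch and bad padding are indistinguishable to a caller.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrDecrypt is the one error returned for every failure (tag mismatch, bad
// length, bad padding), so a caller sees a single uniform outcome.
var ErrDecrypt = errors.New("decryption failed")

// computeTag returns the A128CBC-HS256 tag: HMAC-SHA256 over
// AAD || IV || C || AL, where AL is the AAD length in bits as a 64-bit
// big-endian integer, truncated to its first 16 bytes (RFC 7518 section 5.2.3).
func computeTag(macKey, aad, iv, ct []byte) []byte {
	al := make([]byte, 8)
	binary.BigEndian.PutUint64(al, uint64(len(aad))*8)
	h := hmac.New(sha256.New, macKey)
	h.Write(aad)
	h.Write(iv)
	h.Write(ct)
	h.Write(al)
	return h.Sum(nil)[:16]
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad reports malformed padding as ok=false rather than a distinct error.
func pkcs7Unpad(b []byte) ([]byte, bool) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, false
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, false
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, false
		}
	}
	return b[:len(b)-n], true
}

// Encrypt implements A128CBC-HS256; key is MAC_KEY(16) || ENC_KEY(16).
func Encrypt(key, iv, aad, plaintext []byte) (ct, tag []byte, err error) {
	if len(key) != 32 || len(iv) != aes.BlockSize {
		return nil, nil, errors.New("key must be 32 bytes and IV 16 bytes")
	}
	block, err := aes.NewCipher(key[16:])
	if err != nil {
		return nil, nil, err
	}
	padded := pkcs7Pad(append([]byte{}, plaintext...))
	ct = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct, computeTag(key[:16], aad, iv, ct), nil
}

// Decrypt verifies the tag in constant time BEFORE any CBC decryption or
// padding check and stops on mismatch; the vulnerable library versions
// continued after detecting a bad HMAC, which exposed the padding oracle.
func Decrypt(key, iv, aad, ct, tag []byte) ([]byte, error) {
	if len(key) != 32 || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, ErrDecrypt
	}
	if !hmac.Equal(computeTag(key[:16], aad, iv, ct), tag) {
		return nil, ErrDecrypt // reject here; never unpad unauthenticated data
	}
	block, err := aes.NewCipher(key[16:])
	if err != nil {
		return nil, ErrDecrypt
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	out, ok := pkcs7Unpad(pt)
	if !ok {
		return nil, ErrDecrypt
	}
	return out, nil
}

func main() {
	// Constructed demo values, not real secrets.
	key := []byte("0123456789abcdef0123456789abcdef")
	iv := []byte("fedcba9876543210")
	aad := []byte("constructed-protected-header")
	ct, tag, _ := Encrypt(key, iv, aad, []byte("hello"))
	ct[len(ct)-1] ^= 1 // flip one ciphertext bit
	_, err := Decrypt(key, iv, aad, ct, tag)
	fmt.Println("tampered ciphertext:", err) // prints: tampered ciphertext: decryption failed
}
```

The point of the design is that `pkcs7Unpad` is only ever reached on data whose tag already verified, so no padding-dependent behaviour is observable for attacker-modified ciphertext, and `hmac.Equal` avoids leaking how many tag bytes matched. A wrong AAD, a truncated tag and a flipped ciphertext byte all produce the identical `ErrDecrypt`.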

Affected Software

Each row names one exact affected version (start and end version are identical); all of them predate 4.39, the release the description names as no longer affected.

Name Vendor Start Version End Version
Nimbus_jose+jwt Connect2id 1.9.1 1.9.1
Nimbus_jose+jwt Connect2id 4.0 4.0
Nimbus_jose+jwt Connect2id 2.6 2.6
Nimbus_jose+jwt Connect2id 1.4 1.4
Nimbus_jose+jwt Connect2id 4.3 4.3
Nimbus_jose+jwt Connect2id 2.1 2.1
Nimbus_jose+jwt Connect2id 2.16 2.16
Nimbus_jose+jwt Connect2id 2.19 2.19
Nimbus_jose+jwt Connect2id 2.10.1 2.10.1
Nimbus_jose+jwt Connect2id 4.34.2 4.34.2
Nimbus_jose+jwt Connect2id 1.7 1.7
Nimbus_jose+jwt Connect2id 4.17 4.17
Nimbus_jose+jwt Connect2id 1.10 1.10
Nimbus_jose+jwt Connect2id 2.22 2.22
Nimbus_jose+jwt Connect2id 4.31.1 4.31.1
Nimbus_jose+jwt Connect2id 2.25 2.25
Nimbus_jose+jwt Connect2id 4.1.1 4.1.1
Nimbus_jose+jwt Connect2id 4.6 4.6
Nimbus_jose+jwt Connect2id 3.4 3.4
Nimbus_jose+jwt Connect2id 4.24 4.24
Nimbus_jose+jwt Connect2id 2.13.0 2.13.0
Nimbus_jose+jwt Connect2id 2.15.2 2.15.2
Nimbus_jose+jwt Connect2id 4.8 4.8
Nimbus_jose+jwt Connect2id 4.35 4.35
Nimbus_jose+jwt Connect2id 1.9 1.9
Nimbus_jose+jwt Connect2id 3.2.1 3.2.1
Nimbus_jose+jwt Connect2id 2.20 2.20
Nimbus_jose+jwt Connect2id 2.1.1 2.1.1
Nimbus_jose+jwt Connect2id 3.5 3.5
Nimbus_jose+jwt Connect2id 1.5 1.5
Nimbus_jose+jwt Connect2id 2.17.2 2.17.2
Nimbus_jose+jwt Connect2id 4.37 4.37
Nimbus_jose+jwt Connect2id 4.38 4.38
Nimbus_jose+jwt Connect2id 2.4 2.4
Nimbus_jose+jwt Connect2id 3.1 3.1
Nimbus_jose+jwt Connect2id 4.9 4.9
Nimbus_jose+jwt Connect2id 2.24 2.24
Nimbus_jose+jwt Connect2id 3.6 3.6
Nimbus_jose+jwt Connect2id 2.10 2.10
Nimbus_jose+jwt Connect2id 4.10 4.10
Nimbus_jose+jwt Connect2id 3.10 3.10
Nimbus_jose+jwt Connect2id 2.17 2.17
Nimbus_jose+jwt Connect2id 4.34 4.34
Nimbus_jose+jwt Connect2id 4.27.1 4.27.1
Nimbus_jose+jwt Connect2id 3.7 3.7
Nimbus_jose+jwt Connect2id 1.1 1.1
Nimbus_jose+jwt Connect2id 4.13.1 4.13.1
Nimbus_jose+jwt Connect2id 4.27 4.27
Nimbus_jose+jwt Connect2id 2.18.1 2.18.1
Nimbus_jose+jwt Connect2id 4.16.1 4.16.1
Nimbus_jose+jwt Connect2id 4.21 4.21
Nimbus_jose+jwt Connect2id 4.19 4.19
Nimbus_jose+jwt Connect2id 2.12.0 2.12.0
Nimbus_jose+jwt Connect2id 1.8 1.8
Nimbus_jose+jwt Connect2id 2.18 2.18
Nimbus_jose+jwt Connect2id 4.15 4.15
Nimbus_jose+jwt Connect2id 4.12 4.12
Nimbus_jose+jwt Connect2id 4.2 4.2
Nimbus_jose+jwt Connect2id 1.11 1.11
Nimbus_jose+jwt Connect2id 3.8.2 3.8.2
Nimbus_jose+jwt Connect2id 2.14 2.14
Nimbus_jose+jwt Connect2id 1.2 1.2
Nimbus_jose+jwt Connect2id 1.6 1.6
Nimbus_jose+jwt Connect2id 4.36.1 4.36.1
Nimbus_jose+jwt Connect2id 2.19.1 2.19.1
Nimbus_jose+jwt Connect2id 2.3 2.3
Nimbus_jose+jwt Connect2id 3.9.1 3.9.1
Nimbus_jose+jwt Connect2id 2.23 2.23
Nimbus_jose+jwt Connect2id 4.13 4.13
Nimbus_jose+jwt Connect2id 4.14 4.14
Nimbus_jose+jwt Connect2id 4.33 4.33
Nimbus_jose+jwt Connect2id 4.37.1 4.37.1
Nimbus_jose+jwt Connect2id 2.7 2.7
Nimbus_jose+jwt Connect2id 4.11.1 4.11.1
Nimbus_jose+jwt Connect2id 4.5 4.5
Nimbus_jose+jwt Connect2id 3.2 3.2
Nimbus_jose+jwt Connect2id 2.0.1 2.0.1
Nimbus_jose+jwt Connect2id 2.9 2.9
Nimbus_jose+jwt Connect2id 4.34.1 4.34.1
Nimbus_jose+jwt Connect2id 3.1.2 3.1.2
Nimbus_jose+jwt Connect2id 3.0 3.0
Nimbus_jose+jwt Connect2id 2.26.1 2.26.1
Nimbus_jose+jwt Connect2id 4.4 4.4
Nimbus_jose+jwt Connect2id 2.0 2.0
Nimbus_jose+jwt Connect2id 4.20 4.20
Nimbus_jose+jwt Connect2id 3.2.2 3.2.2
Nimbus_jose+jwt Connect2id 1.3 1.3
Nimbus_jose+jwt Connect2id 4.23 4.23
Nimbus_jose+jwt Connect2id 4.29 4.29
Nimbus_jose+jwt Connect2id 4.30 4.30
Nimbus_jose+jwt Connect2id 2.11.0 2.11.0
Nimbus_jose+jwt Connect2id 3.9.2 3.9.2
Nimbus_jose+jwt Connect2id 4.3.1 4.3.1
Nimbus_jose+jwt Connect2id 4.16 4.16
Nimbus_jose+jwt Connect2id 1.0 1.0
Nimbus_jose+jwt Connect2id 2.21 2.21
Nimbus_jose+jwt Connect2id 1.12 1.12
Nimbus_jose+jwt Connect2id 4.16.2 4.16.2
Nimbus_jose+jwt Connect2id 2.15 2.15
Nimbus_jose+jwt Connect2id 2.15.1 2.15.1
Nimbus_jose+jwt Connect2id 3.8 3.8
Nimbus_jose+jwt Connect2id 4.26.1 4.26.1
Nimbus_jose+jwt Connect2id 2.5 2.5
Nimbus_jose+jwt Connect2id 4.15.1 4.15.1
Nimbus_jose+jwt Connect2id 4.32 4.32
Nimbus_jose+jwt Connect2id 4.22 4.22
Nimbus_jose+jwt Connect2id 2.2 2.2
Nimbus_jose+jwt Connect2id 2.13.1 2.13.1
Nimbus_jose+jwt Connect2id 3.3 3.3
Nimbus_jose+jwt Connect2id 2.26 2.26
Nimbus_jose+jwt Connect2id 2.18.2 2.18.2
Nimbus_jose+jwt Connect2id 3.8.1 3.8.1
Nimbus_jose+jwt Connect2id 3.1.1 3.1.1
Nimbus_jose+jwt Connect2id 4.25 4.25
Nimbus_jose+jwt Connect2id 2.22.1 2.22.1
Nimbus_jose+jwt Connect2id 4.31 4.31
Nimbus_jose+jwt Connect2id 4.11 4.11
Nimbus_jose+jwt Connect2id 4.11.2 4.11.2
Nimbus_jose+jwt Connect2id 4.7 4.7
Nimbus_jose+jwt Connect2id 4.18 4.18
Nimbus_jose+jwt Connect2id 4.26 4.26
Nimbus_jose+jwt Connect2id 3.9 3.9
Nimbus_jose+jwt Connect2id 2.17.1 2.17.1
Nimbus_jose+jwt Connect2id 2.8 2.8
Nimbus_jose+jwt Connect2id 4.1 4.1
Nimbus_jose+jwt Connect2id 4.0.1 4.0.1
Nimbus_jose+jwt Connect2id 4.28 4.28

Potential Mitigations

Upgrade to Nimbus JOSE+JWT 4.39 or later; the description identifies releases before 4.39 as the ones that proceed improperly after an invalid HMAC is detected.