PT-2023-32738 · Jwcrypto+6
Rohit Keshri · Published 2023-12-28 · Updated 2026-05-06
CVE-2023-6681
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
JWCrypto (affected versions not specified)
Description
A flaw was found in JWCrypto that allows an attacker to cause a denial of service (DoS) and makes password brute-force and dictionary attacks more resource-intensive. The issue results in a large amount of computational consumption, leading to denial of service. The vulnerability affects applications that use the PBKDF2 algorithm.
Recommendations
To resolve the issue, applications that do not need to use PBKDF2 should exclude it from the list of algorithms.
Applications that need to use the algorithm should upgrade to the new version that allows setting a maximum number of rounds.
As a temporary workaround, consider setting the maximum number of default rounds to prevent excessive computational consumption.
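The two recommendations above can also be enforced in front of the library, before any key derivation runs. The following is an added example, not code from JWCrypto or from this advisory: it uses only the Python standard library, takes the `alg` and `p2c` header names and the PBES2 algorithm names from RFC 7518, and the function names and the cap of 16384 rounds are assumptions chosen for illustration.

```python
import base64
import json

# PBES2 key-management algorithms (RFC 7518). Each one runs PBKDF2 with the
# iteration count taken from the token's own "p2c" header parameter.
PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}
MAX_P2C = 16384  # assumed cap for this example; size it to your CPU budget


def _b64url_decode(segment: str) -> bytes:
    # Compact serialization strips base64url padding; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jwe_header(token: str, allow_pbes2: bool = False,
                     max_p2c: int = MAX_P2C) -> dict:
    """Return the protected header, or raise ValueError before any PBKDF2 work."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("not a compact JWE")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("malformed protected header") from exc
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    if header.get("alg") in PBES2_ALGS:
        if not allow_pbes2:
            raise ValueError("PBES2 algorithms are disabled")
        p2c = header.get("p2c")
        # bool is a subclass of int in Python, so exclude it explicitly.
        if (not isinstance(p2c, int) or isinstance(p2c, bool)
                or not 1 <= p2c <= max_p2c):
            raise ValueError("p2c missing or outside the allowed range")
    return header


def make_sample_token(header: dict) -> str:
    """Build a constructed compact JWE; the last four segments are filler."""
    raw = json.dumps(header).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode() + ".ZWs.aXY.Y3Q.dGFn"
```

Call `check_jwe_header` on the untrusted token and pass it to the JWE library only if no exception is raised; a rejected token costs one base64 and JSON decode instead of an attacker-chosen number of PBKDF2 rounds.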
Fix
DoS
Resource Exhaustion
Weakness Enumeration
Related identifiers
Affected products
Almalinux
Centos
Debian
Jwcrypto
Red Hat
Red Os
Rocky Linux