Python Cryptography Authority · Cryptography · CVE-2016-9243
**Name of the Vulnerable Software and Affected Versions**
cryptography versions prior to 1.5.3
**Description**
The issue arises when HKDF in cryptography is used with a length less than algorithm.digest size, resulting in an empty byte-string being returned.
**Recommendations**
For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue.