Morgan Brown

**Name of the Vulnerable Software and Affected Versions** Microsoft Identity versions prior to 5.7.0 Microsoft Identity versions prior to 6.34.0 Microsoft Identity versions prior to 7.1.2 **Description** The issue is related to incorrect clearing or release of resources in the Microsoft Identity library for the .NET platform. An attacker could exploit this by crafting a malicious JSON Web Encryption (JWE) token with a high compression ratio, leading to excessive memory allocation and processing time during decompression, causing a denial-of-service (DoS) condition. The attacker must have access to the public encrypt key registered with the IDP (Entra ID) for successful exploitation. **Recommendations** For versions prior to 5.7.0, update to version 5.7.0 or higher. For versions prior to 6.34.0, update to version 6.34.0 or higher. For versions prior to 7.1.2, update to version 7.1.2 or higher.

Name of the Vulnerable Software and Affected Versions: jose versions prior to 1.28.1 jose versions prior to 2.0.5 jose versions prior to 3.11.4 Description: The issue concerns the AES CBC HMAC SHA2 Algorithm, where a possibly observable difference in timing when a padding error occurs during decryption makes a padding oracle. An adversary might be able to use this oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle, where b is the number of bytes in the ciphertext block. Recommendations: For versions prior to 1.28.1, upgrade the dependency to ^1.28.1. For versions prior to 2.0.5, upgrade the dependency to ^2.0.5. For versions prior to 3.11.4, upgrade the dependency to ^3.11.4.

Name of the Vulnerable Software and Affected Versions: jose-browser-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in jose-browser-runtime has a padding oracle vulnerability. This occurs because a possibly observable difference in timing when a padding error happens while decrypting the ciphertext can be used by an adversary to decrypt data without knowing the decryption key. The adversary can make use of this oracle by issuing on average 128*b calls to the padding oracle, where b is the number of bytes in the ciphertext block. Recommendations: For versions prior to 3.11.4, upgrade to version 3.11.4 or later. Specifically, users should upgrade to ^3.11.4 to ensure the HMAC tag is verified before performing CBC decryption, thus mitigating the vulnerability.

Name of the Vulnerable Software and Affected Versions: jose-node-esm-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in the jose-node-esm-runtime package has a timing difference when a padding error occurs, creating a padding oracle. This allows an adversary to potentially decrypt data without knowing the decryption key by making on average 128*b calls to the padding oracle, where b is the number of bytes in the ciphertext block. The issue arises because both HMAC tag verification and CBC decryption are executed, and a possibly observable difference in timing occurs when a padding error happens. Recommendations: For versions prior to 3.11.4, upgrade to version 3.11.4 or later to ensure the HMAC tag is verified before performing CBC decryption, preventing the padding oracle issue.

Name of the Vulnerable Software and Affected Versions: jose-node-cjs-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in the jose-node-cjs-runtime package has a timing difference when a padding error occurs, creating a padding oracle. This allows an adversary to potentially decrypt data without knowing the decryption key by making on average 128*b calls to the padding oracle, where b is the number of bytes in the ciphertext block. Recommendations: For versions prior to 3.11.4, upgrade to version 3.11.4 or later to ensure the HMAC tag is verified before performing CBC decryption.