Medium severity5.3NVD Advisory· Published Sep 1, 2016· Updated Jun 17, 2026
CVE-2016-6298
CVE-2016-6298
Description
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jwcryptoPyPI | < 0.3.2 | 0.3.2 |
Affected products
2Patches
Vulnerability mechanics
References
9- github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7banvdIssue TrackingPatchVendor AdvisoryWEB
- github.com/latchset/jwcrypto/pull/66nvdIssue TrackingPatchWEB
- github.com/latchset/jwcrypto/releases/tag/v0.3.2nvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/92729nvdBroken LinkThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-wg33-x934-3ghhghsaADVISORY
- github.com/latchset/jwcrypto/issues/65nvdIssue TrackingVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-6298ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/jwcrypto/PYSEC-2016-4.yamlghsaWEB
- web.archive.org/web/20200227230613/http://www.securityfocus.com/bid/92729ghsaWEB
News mentions
0No linked articles in our index yet.