Developers - Critical flaw alert! Stop using JSON encryption

Well, you know a patch/fix is forthcoming. When is the question? This sounds VERY nasty.

A vulnerability in a JSON-based web encryption protocol could allow attackers to retrieve private keys. Cryptography experts have advised against developers using JSON Web Encryption (JWE) in their applications in the past, and this vulnerability illustrates those very dangers.

Software libraries implementing the JWE, or RFC 7516, specification suffer from a classic Invalid Curve Attack, wrote Antonio Sanso, a senior software engineer at Adobe Research Switzerland and part of the Adobe Experience Manager security team. The JSON Web Token (JWT) is a JSON-based open standard defined in the OAuth specification family used for creating access tokens, and JWE is a set of signing and encryption methods for JWT. Developers using JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) are affected. 

Read more.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • Get Back the WinX power user menu Control Panel Post Creators Udpate
    Written by

    Da Boss!

    Get Back the WinX power user menu Control Panel Post Creators Udpate As MS moves more and more of the old school…
    Read more...
  • Nearly all WannaCry victims were running Windows 7
    Written by

    Da Boss!

    Nearly all WannaCry victims were running Windows 7 Yep... and this will continue until people start to get…
    Read more...
  • New Tool Could Liberate PCs Infected With WannaCry
    Written by

    Da Boss!

    New Tool Could Liberate PCs Infected With WannaCry Huh....well, if you happen to be one of the MANY…
    Read more...
  • Code 80243004 – Windows Update encountered an unknown error - FIX
    Written by

    Da Boss!

    Code 80243004 – Windows Update encountered an unknown error - FIX This is one of those fixes you would NEVER have…
    Read more...
  • Unpatched Windows OS on the Rise
    Written by

    Da Boss!

    Unpatched Windows OS on the Rise I put this up to remind you all to PATCH…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.