Impact
When using PKCS#1 v1.5 padding in a JWT/JWE, one is vulnerable to the so-called Marvin attack. The Marvin Attack is a return of a 25-year-old vulnerability that allows an attacker who can observe only the time taken by the decryption operation performed with the private key to perform RSA decryption and signing operations. As such, the JWE RSA1_5 algorithm should no longer be used and is in fact deprecated.
Patches
Users can upgrade to a version of cjose >= 0.6.2.3, which disables the use of PKCS#1 v1.5 by default at compile time.
Workarounds
Users may avoid using PKCS#1 v1.5 even if they are on a version of cjose that still allows it.
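One way to enforce this workaround is to gate incoming JWE compact tokens on an algorithm allowlist before they reach the decryption call. The following is an added example, not code from cjose or from this advisory; the allowlist contents and the function names are assumptions for illustration.

```python
import base64
import json

# Assumed policy for this example: key-management algorithms the service accepts.
# RSA1_5 (RSAES-PKCS1-v1_5) is deliberately absent.
ALLOWED_JWE_ALGS = frozenset({"RSA-OAEP", "RSA-OAEP-256", "ECDH-ES", "dir"})


def unique_members(pairs):
    # Reject duplicate header names so this gate and the downstream
    # decryptor cannot disagree about which "alg" is in effect.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate header parameter")
    return dict(pairs)


def jwe_alg(token):
    """Return the 'alg' from a JWE compact serialization's protected header."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("not a JWE compact serialization (need 5 segments)")
    seg = parts[0] + "=" * (-len(parts[0]) % 4)  # restore base64url padding
    try:
        # binascii.Error, JSONDecodeError and UnicodeDecodeError are ValueErrors.
        raw = base64.urlsafe_b64decode(seg)
        header = json.loads(raw, object_pairs_hook=unique_members)
    except ValueError as exc:
        raise ValueError("malformed protected header") from exc
    if not isinstance(header, dict) or not isinstance(header.get("alg"), str):
        raise ValueError("protected header has no string 'alg'")
    return header["alg"]


def is_acceptable(token):
    """True only if the token parses cleanly and its alg is on the allowlist."""
    try:
        return jwe_alg(token) in ALLOWED_JWE_ALGS
    except ValueError:
        return False


def sample_token(header_json):
    # Constructed sample: real header segment, placeholder remaining segments.
    h = base64.urlsafe_b64encode(header_json.encode()).rstrip(b"=").decode()
    return h + ".AAAA.AAAA.AAAA.AAAA"


if __name__ == "__main__":
    for hdr in ('{"alg":"RSA-OAEP","enc":"A256GCM"}', '{"alg":"RSA1_5","enc":"A256GCM"}'):
        print(hdr, "->", is_acceptable(sample_token(hdr)))
```

Because the header is parsed as JSON and compared against an allowlist, an escaped spelling of the algorithm name or a repeated `alg` member is rejected as well.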
References
https://people.redhat.com/~hkario/marvin/