jpaseto is vulnerable to generating insecure hashes. The vulnerability exists because it has a flawed calculation of hashes using Blake2b.hash
since the order of arguments passed to the hash function is wrong, resulting in weak or insecure hashes for v2.local tokens.
CPE | Name | Operator | Version |
---|---|---|---|
jpaseto :: impl | le | 0.2.0 | |
jpaseto :: crypto :: sodium | le | 0.2.0 |