jwe is vulnerable to Brute-force Attack. The vulnerability is due to insufficient validation of JWE authentication tags, which allows an attacker to brute force tags, recover the GCM GHASH key, and craft arbitrary JWEs leading to loss of…Read More