CVE-2010-4252 in OpenSSL

Summary

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Reservation

11/16/2010

Disclosure

12/06/2010

Entries

1: VDB-55636

CPE

ready

CVSS

7.3

EPSS

0.01803

Activities

Very Low

Sources
