CVE-2016-8217 in RSA BSAFE Crypto-Jजानकारी

सारांश

द्वारा MITRE

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

आरक्षित करना

13/09/2016

प्रकटीकरण

03/02/2017

प्रविष्टि

VDB-96088

EPSS

0.01494

गतिविधियाँ

बहुत कम

स्रोत

Do you need the next level of professionalism?

Upgrade your account now!