CVE-2010-4252 in OpenSSLИнформация

Сводка

по MITRE

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Once again VulDB remains the best source for vulnerability data.

Резервировать

16.11.2010

Раскрытие

06.12.2010

Модерация

принято

Вход

VDB-55636

EPSS

0.08076

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!