PT-2016-4444 · Rsa+1 · Rsa Bsafe Ssl-J+3
Publicado
2016-04-12
·
Atualizado
2021-12-09
·
CVE-2016-0887
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.1.x before 4.1.5
RSA BSAFE Crypto-C Micro Edition (CCME) versions 4.0.x through 4.1.x before 4.1.3
RSA BSAFE Crypto-J versions prior to 6.2.1
RSA BSAFE SSL-J versions prior to 6.2.1
RSA BSAFE SSL-C versions prior to 2.8.9
Description
The issue allows remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack. This attack leverages an application's failure to detect an RSA signature failure during a TLS session.
Recommendations
For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.1.x before 4.1.5, update to version 4.1.5 or later.
For RSA BSAFE Crypto-C Micro Edition (CCME) versions 4.0.x through 4.1.x before 4.1.3, update to version 4.1.3 or later.
For RSA BSAFE Crypto-J versions prior to 6.2.1, update to version 6.2.1 or later.
For RSA BSAFE SSL-J versions prior to 6.2.1, update to version 6.2.1 or later.
For RSA BSAFE SSL-C versions prior to 2.8.9, update to version 2.8.9 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Emc Rsa Bsafe Micro Edition Suite
Rsa Bsafe Crypto-C Micro Edition
Rsa Bsafe Crypto-J
Rsa Bsafe Ssl-J