PT-2017-9536 · Emc · Emc Rsa Bsafe Crypto-J

Publicado

2017-02-03

Atualizado

2021-12-16

CVE-2016-8217

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Crypto-J versions prior to 6.2.2

Description The issue allows for a possible timing attack by modifying a PKCS#12 file with an unknown password, enabling an attacker to guess the current MAC one byte at a time. This is due to the use of a non-constant-time method for comparing the stored MAC with the calculated MAC.

Recommendations For versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-8217

Produtos afetados

Emc Rsa Bsafe Crypto-J

PT-2017-9536 · Emc · Emc Rsa Bsafe Crypto-J

CVE-2016-8217

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5