CVE-2010-4252

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.0e OpenSSL versions prior to 1.0.0c

Description The issue concerns multiple vulnerabilities in the OpenSSL package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, when J-PAKE is enabled, OpenSSL does not properly validate the public parameters in the J-PAKE protocol, allowing remote attackers to bypass the need for knowledge of the shared secret and successfully authenticate by sending crafted values in each round of the protocol.

Recommendations For versions prior to 1.0.0c, update to version 1.0.0c or later to resolve the issue with J-PAKE protocol validation. For versions prior to 1.0.0e, update to version 1.0.0e or later to address the multiple vulnerabilities.