PT-2016-4444 · Rsa+1 · Rsa Bsafe Ssl-J+3
Published
2016-04-12
·
Updated
2021-12-09
·
CVE-2016-0887
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.1.x before 4.1.5
RSA BSAFE Crypto-C Micro Edition (CCME) versions 4.0.x through 4.1.x before 4.1.3
RSA BSAFE Crypto-J versions prior to 6.2.1
RSA BSAFE SSL-J versions prior to 6.2.1
RSA BSAFE SSL-C versions prior to 2.8.9
Description
The issue allows remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack. This attack leverages an application's failure to detect an RSA signature failure during a TLS session.
Recommendations
For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.1.x before 4.1.5, update to version 4.1.5 or later.
For RSA BSAFE Crypto-C Micro Edition (CCME) versions 4.0.x through 4.1.x before 4.1.3, update to version 4.1.3 or later.
For RSA BSAFE Crypto-J versions prior to 6.2.1, update to version 6.2.1 or later.
For RSA BSAFE SSL-J versions prior to 6.2.1, update to version 6.2.1 or later.
For RSA BSAFE SSL-C versions prior to 2.8.9, update to version 2.8.9 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emc Rsa Bsafe Micro Edition Suite
Rsa Bsafe Crypto-C Micro Edition
Rsa Bsafe Crypto-J
Rsa Bsafe Ssl-J