CVE-2016-0923

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.8 EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.4

Description The issue concerns the client in EMC RSA BSAFE Micro Edition Suite (MES) that places the weakest algorithms first in a signature-algorithm list transmitted to a server. This behavior makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.

Recommendations For versions 4.0.x through 4.0.8, update to version 4.0.9 or later. For versions 4.1.x through 4.1.4, update to version 4.1.5 or later.