CVE-2017-10668

Name of the Vulnerable Software and Affected Versions OSCI Transport Library versions 1.6, 1.6.1

Description A Padding Oracle issue exists, allowing an attacker to decrypt transport encryption under a man-in-the-middle (MITM) condition within the OSCI infrastructure. The attacker must send crafted protocol messages to analyze the CBC mode padding.

Recommendations For OSCI Transport Library version 1.6, update to a version that fixes the Padding Oracle issue. For OSCI Transport Library version 1.6.1, update to a version that fixes the Padding Oracle issue. As a temporary workaround, consider restricting access to the OSCI infrastructure to minimize the risk of exploitation.