CVE-2010-4252Improper Authentication in Openssl

CWE-287Improper AuthenticationCWE-284Improper Access Control10 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.8%
top 17.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Openbsd OpensshOpensslDebian Openssh+1 more
Timeline
PublishedDec 6
Latest updateMay 17

Description

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

NVDopenssl/openssl1.0.0b+54
NVDopenbsd/openssh5.6+77

Patches

Patch: cvs.openssl.orgPatch: bugzilla.redhat.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-4wx9-m243-hr54: OpenSSL before 12022-05-17
GHSA
GHSA-7m62-4jfr-67wh: OpenSSH 52022-05-17

📋Vendor Advisories

4
Red Hat
openssl: session key retrieval flaw in J-PAKE implementation2010-11-29
Red Hat
openssh: J-PAKE authentication bypass2010-09-20
Debian
CVE-2010-4478: openssh - OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the ...2010
Debian
CVE-2010-4252: openssl - OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the pu...2010

💬Community

2
Bugzilla
CVE-2010-4478 openssh: J-PAKE authentication bypass2010-12-07
Bugzilla
CVE-2010-4252 openssl: session key retrieval flaw in J-PAKE implementation2010-12-02