CVE-2016-8217Sensitive Information Exposure in Dell Bsafe Crypto-j

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.7LOWNVD
CNA5.0
EPSS
0.3%
top 48.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Bsafe Crypto-j
Timeline
PublishedFeb 3
Latest updateMay 13

Description

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issu

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

NVDdell/bsafe_crypto-j< 6.2.2

🔴Vulnerability Details

2
GHSA
GHSA-34fw-m7m3-5c57: EMC RSA BSAFE Crypto-J versions prior to 62022-05-13
CVEList
CVE-2016-8217: EMC RSA BSAFE Crypto-J versions prior to 62017-02-03
CVE-2016-8217 — Sensitive Information Exposure in Dell | cvebase