CVE-2020-14341 — Covert Timing Channel in Redhat Single Sign-on

CWE-385 — Covert Timing Channel6 documents5 sources

Severity

2.7LOWNVD

EPSS

0.3%

top 46.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Single Sign-on RED HAT Single Sign-on

Timeline

PublishedJan 12

Latest updateMay 24

Description

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDredhat/single_sign-on7.0 — 7.4

▶CVEListV5red_hat/red_hat_single_sign-onv7.x

🔴Vulnerability Details

GHSA

GHSA-2fpm-8hx3-wxj9: The "Test Connection" available in v7↗2022-05-24

▶

CVEList

CVE-2020-14341: The "Test Connection" available in v7↗2021-01-12

▶

📋Vendor Advisories

Red Hat

RHSSO: test connection function in console permits timing based port scanning↗2020-11-18

▶

💬Community

Bugzilla

CVE-2020-14341 RHSSO: test connection function in console permits timing based port scanning↗2020-07-23

▶

Bugzilla

CVE-2018-14341 wireshark: DICOM dissector infinite loop (wnpa-sec-2018-39)↗2018-07-23

▶