QwikSec

Security Database

CVE

CWE

Training

CVE-2016-0270

Published: Feb 8, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21979604

x_refsource_CONFIRM

https://github.com/nonce-disrespect/nonce-disrespect

x_refsource_MISC

http://www-01.ibm.com/support/docview.wss?uid=swg21979673

x_refsource_CONFIRM

https://support.citrix.com/article/CTX220329

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21979669

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.