QwikSec

Security Database

CVE

CWE

Training

CVE-2016-4379

Published: Sep 8, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

https://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf

x_refsource_MISC

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249760

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.