CVE-2016-8217

Published: Feb 3, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 have a PKCS#12 timing attack vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.
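
The comparison flaw described above, shown next to its fix, as an added example that is not Crypto-J's code. The class and method names are hypothetical, and an HMAC-SHA1 over constructed bytes stands in for the PKCS#12 integrity MAC; the step counter makes visible that the early-exit loop does work proportional to the matching prefix.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class MacCompareDemo {
    // Byte comparisons made by the last leakyEquals call (instrumentation only).
    static int steps;

    // Early-exit comparison: returns at the first mismatch, so the amount of
    // work (and therefore the response time) depends on the matching prefix.
    static boolean leakyEquals(byte[] stored, byte[] computed) {
        steps = 0;
        if (stored.length != computed.length) return false;
        for (int i = 0; i < stored.length; i++) {
            steps++;
            if (stored[i] != computed[i]) return false;
        }
        return true;
    }

    // Hardened comparison: MessageDigest.isEqual in current JDKs examines
    // every byte regardless of where the first difference occurs.
    static boolean constantTimeEquals(byte[] stored, byte[] computed) {
        return MessageDigest.isEqual(stored, computed);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and content; a real PKCS#12 MAC key is derived from the password.
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(
                "constructed-demo-key".getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        byte[] computed = mac.doFinal(
                "constructed PKCS#12 content".getBytes(StandardCharsets.UTF_8));

        // Corrupt the stored MAC at different offsets and compare both ways.
        for (int prefix : new int[] {0, 1, 8, computed.length}) {
            byte[] stored = computed.clone();
            if (prefix < stored.length) stored[prefix] ^= 0x01; // first wrong byte
            boolean leaky = leakyEquals(stored, computed);
            boolean safe = constantTimeEquals(stored, computed);
            System.out.printf("matching prefix=%2d  leaky steps=%2d  leaky=%b  constant-time=%b%n",
                    prefix, steps, leaky, safe);
        }
    }
}
```

Both methods return the same boolean for every input; only the early-exit version lets the position of the first wrong byte influence how long the check takes.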

Vendor / Product / Versions

Vendor: n/a
Product: RSA BSAFE Crypto-J
Versions: RSA BSAFE Crypto-J versions prior to 6.2.2 (affected)

References

95831 (vdb-entry, x_refsource_BID)
1037732 (vdb-entry, x_refsource_SECTRACK)
