Session fixation

2016-04-1223:59:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.6%

JSON

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application’s failure to detect an RSA signature failure during a TLS session.

CPENameOperatorVersion
bsafe_crypto-c-micro-editionge4.0
bsafe_crypto-c-micro-editionle4.0.5.3
bsafe_crypto-c-micro-editionge4.1
bsafe_crypto-c-micro-editionle4.1.2
bsafe_crypto-jlt6.2.1
bsafe_micro-edition-suitege4.0.0
bsafe_micro-edition-suitele4.0.11
bsafe_micro-edition-suitege4.1.0
bsafe_micro-edition-suitelt4.1.5
bsafe_ssl-clt2.8.9

Name	Operator	Version
bsafe_crypto-c-micro-edition	ge	4.0
bsafe_crypto-c-micro-edition	le	4.0.5.3
bsafe_crypto-c-micro-edition	ge	4.1
bsafe_crypto-c-micro-edition	le	4.1.2
bsafe_crypto-j	lt	6.2.1
bsafe_micro-edition-suite	ge	4.0.0
bsafe_micro-edition-suite	le	4.0.11
bsafe_micro-edition-suite	ge	4.1.0
bsafe_micro-edition-suite	lt	4.1.5
bsafe_ssl-c	lt	2.8.9

Rows per page:

1-10 of 111

References

packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html

seclists.org/bugtraq/2016/Apr/66

www.securityfocus.com/archive/1/538055/100/0/threaded

www.securitytracker.com/id/1035515

www.securitytracker.com/id/1035516

www.securitytracker.com/id/1035517