exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2010-4252

Status Candidate

Overview

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Related Files

VMware Security Advisory 2012-0013
Posted Sep 1, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2010-2761, CVE-2010-4180, CVE-2010-4252, CVE-2010-4410, CVE-2011-0014, CVE-2011-1020, CVE-2011-1089, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2699, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-3597, CVE-2011-4108, CVE-2011-4109, CVE-2011-4110, CVE-2011-4128, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4576, CVE-2011-4577, CVE-2011-4609
MD5 | ab37b6926b046653acdeeef66e7c85ba
HP Security Bulletin HPSBOV02670 SSRT100475
Posted May 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02670 SSRT100475 - Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2010-3864, CVE-2010-4180, CVE-2010-4252, CVE-2011-0014
MD5 | 2cd4ea2d2b86d9c3511aa0ba7e3d5f22
HP Security Bulletin HPSBUX02638 SSRT100339
Posted Mar 3, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02638 SSRT100339 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2010-4252
MD5 | a77eb47f38198de61b1531fb35a4a903
OpenSSL Toolkit 1.0.0c
Posted Dec 7, 2010
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: An error was fixed in the experimental J-PAKE implementation, which could lead to successful validation by someone with no knowledge of the shared secret. This issue was reported as CVE-2010-4252. An old bug in a workaround that allowed malicious clients to modify the stored session cache ciphersuite was fixed. This issue was reported as CVE-2010-4180.
tags | encryption, protocol
systems | unix
advisories | CVE-2010-4252, CVE-2010-4180
MD5 | ff8fb85610aef328315a9decbb2712e4
OpenSSL Ciphersuite Downgrade Attack / JPAKE Validate Error
Posted Dec 3, 2010
Site openssl.org

A flaw has been found in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. Sebastian Martini found an error in OpenSSL's J-PAKE implementation which could lead to successful validation by someone with no knowledge of the shared secret.

tags | advisory
advisories | CVE-2010-4180, CVE-2010-4252
MD5 | 886645870149ac5558b60349ccf989cf
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close