Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

CVE Kennung:CVE-2010-4252
Beschreibung:OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Test Kennungen: 1.3.6.1.4.1.25623.1.0.105400  
Querverweise: Common Vulnerability Exposure (CVE) ID: CVE-2010-4252
BugTraq ID: 45163
http://www.securityfocus.com/bid/45163
HPdes Security Advisory: HPSBOV02670
http://marc.info/?l=bugtraq&m=130497251507577&w=2
HPdes Security Advisory: HPSBUX02638
http://marc.info/?l=bugtraq&m=129916880600544&w=2
HPdes Security Advisory: SSRT100339
http://marc.info/?l=bugtraq&m=129916880600544&w=2
HPdes Security Advisory: SSRT100475
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
https://github.com/seb-m/jpake
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039
http://securitytracker.com/id?1024823
http://secunia.com/advisories/42469
http://secunia.com/advisories/57353
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.