Tampering Vulnerability in OWASP Enterprise Security API for Java
CVE-2013-5679

Currently unrated

Key Information:

Vendor

Owasp

Status
Enterprise Security Api
Vendor
CVE Published:
30 September 2013

What is CVE-2013-5679?

The authenticated-encryption feature in the symmetric-encryption implementation of the OWASP Enterprise Security API (ESAPI) for Java versions prior to 2.1.0 is susceptible to tampering. This flaw allows remote attackers to potentially circumvent intended cryptographic protections by exploiting a weakness in the default configuration, which involves a null Message Authentication Code (MAC) and a MAC length of zero. As a result, attackers can manipulate serialized ciphertext, compromising the authenticity of encrypted data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/62415
vdb-entryx_refsource_BID
http://lists.owasp.org/pipermail/esapi-dev/2013-August/00...
mailing-listx_refsource_MLIST
http://code.google.com/p/owasp-esapi-java/issues/detail?i...
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.