Improper OCSP Validation in RSA BSAFE Crypto-J by EMC
CVE-2016-8212

7.5 HIGH

Key Information:

Vendor
Dell
CVE Published:
3 February 2017

Summary

An improper OCSP validation vulnerability exists in EMC's RSA BSAFE Crypto-J. Affected versions incorrectly treat an OCSP response that has no nextUpdate field as valid indefinitely. Because no expiration constraint is applied to such a response, this flaw could potentially allow unauthorized access and undermines the efficacy of OCSP for certificate status verification. Users are urged to update to version 6.2.2 or later to mitigate this security risk.
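The flawed interpretation next to a bounded one, as an added example (not RSA BSAFE Crypto-J code or its API). The class and function names, the 24-hour maximum age, the 5-minute clock-skew allowance and the sample responses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed local policy values for this example (not from the advisory).
CLOCK_SKEW = timedelta(minutes=5)
MAX_AGE_WITHOUT_NEXT_UPDATE = timedelta(hours=24)


@dataclass(frozen=True)
class OcspTimes:
    """Time fields of an OCSP response; nextUpdate may be absent."""
    this_update: datetime
    next_update: Optional[datetime] = None


def is_fresh_flawed(resp: OcspTimes, now: datetime) -> bool:
    """Interpretation described in the summary: no nextUpdate, no expiry."""
    if resp.this_update > now + CLOCK_SKEW:
        return False
    if resp.next_update is None:
        return True  # accepted indefinitely, even if the status changed since
    return now <= resp.next_update + CLOCK_SKEW


def is_fresh_hardened(resp: OcspTimes, now: datetime) -> bool:
    """Every response gets an expiry: nextUpdate, or a local maximum age."""
    if resp.this_update > now + CLOCK_SKEW:
        return False  # thisUpdate is in the future
    expiry = resp.next_update
    if expiry is None:
        expiry = resp.this_update + MAX_AGE_WITHOUT_NEXT_UPDATE
    elif expiry < resp.this_update:
        return False  # malformed validity window
    return now <= expiry + CLOCK_SKEW


# Constructed sample data: evaluation time and four responses.
NOW = datetime(2017, 2, 3, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "year-old, no nextUpdate": OcspTimes(NOW - timedelta(days=365)),
    "hour-old, no nextUpdate": OcspTimes(NOW - timedelta(hours=1)),
    "expired nextUpdate": OcspTimes(NOW - timedelta(days=2), NOW - timedelta(days=1)),
    "current nextUpdate": OcspTimes(NOW - timedelta(hours=1), NOW + timedelta(days=1)),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:26} flawed={is_fresh_flawed(resp, NOW)} "
              f"hardened={is_fresh_hardened(resp, NOW)}")
```

Only the year-old response without nextUpdate is judged differently by the two checks: the flawed one accepts it, the bounded one rejects it.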

Affected Version(s)

RSA BSAFE Crypto-J versions prior to 6.2.2

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
