PKCS#12 Timing Attack Vulnerability in EMC RSA BSAFE Crypto-J
CVE-2016-8217

3.7 LOW

Key Information:

Vendor
Dell
CVE Published:
3 February 2017

Summary

The EMC RSA BSAFE Crypto-J library, prior to version 6.2.2, is susceptible to a timing attack via manipulated PKCS#12 files. Crypto-J compares the file's integrity MAC with a method that is not constant-time, so an attacker who can submit crafted PKCS#12 files and observe how long verification takes can guess the integrity MAC iteratively, one byte at a time, potentially compromising sensitive data. The flaw belongs to the same class as previously documented timing-attack vulnerabilities, underscoring the need for constant-time comparison of authentication tags and for timely updates.
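The comparison weakness described above, as an added example that is not Crypto-J code: a PKCS#12-style integrity MAC checked with an early-exit byte loop (the vulnerable pattern) beside the constant-time check that closes the leak. The password, salt, AuthSafe bytes and the use of PBKDF2 in place of the RFC 7292 PKCS#12 key derivation are all assumptions of this example.

```python
# Added example (not Crypto-J code): why an early-exit MAC comparison leaks.
# Every value below is constructed; PBKDF2 stands in for the PKCS#12 KDF.
import hashlib
import hmac

def pkcs12_mac(password, salt, auth_safe):
    """Integrity MAC over the AuthSafe content. Real PKCS#12 (RFC 7292)
    derives the HMAC key with its own KDF (ID=3); PBKDF2-HMAC-SHA256 is an
    assumed stand-in here, because the comparison step is what matters."""
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 2048, dklen=32)
    return hmac.new(key, auth_safe, hashlib.sha256).digest()

def leaky_equals(expected, candidate):
    """Vulnerable pattern: returns at the first mismatching byte, so elapsed
    time grows with the length of the correct prefix. The second return value
    (bytes examined) makes that leak observable without timing anything."""
    examined = 0
    if len(expected) != len(candidate):
        return False, examined
    for x, y in zip(expected, candidate):
        examined += 1
        if x != y:
            return False, examined
    return True, examined

def constant_time_equals(expected, candidate):
    """Fixed pattern: all bytes are examined regardless of where the first
    mismatch lies (the property MessageDigest.isEqual gives in current JDKs)."""
    return hmac.compare_digest(expected, candidate)

def verify_leaky(password, salt, auth_safe, mac):
    return leaky_equals(pkcs12_mac(password, salt, auth_safe), mac)

def verify_fixed(password, salt, auth_safe, mac):
    return constant_time_equals(pkcs12_mac(password, salt, auth_safe), mac)

# Constructed sample input: a short DER-like byte string plays the AuthSafe.
PASSWORD = b"correct horse"
SALT = bytes.fromhex("0102030405060708")
AUTH_SAFE = bytes.fromhex("300b06092a864886f70d010701")
GOOD_MAC = pkcs12_mac(PASSWORD, SALT, AUTH_SAFE)

if __name__ == "__main__":
    forged = GOOD_MAC[:5] + bytes(b ^ 0xFF for b in GOOD_MAC[5:])
    print("leaky :", verify_leaky(PASSWORD, SALT, AUTH_SAFE, forged))
    print("fixed :", verify_fixed(PASSWORD, SALT, AUTH_SAFE, forged))
```

With a candidate whose first five bytes are right, the leaky verifier examines six bytes before rejecting, while the fixed verifier reveals nothing beyond the reject.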

Affected Version(s)

RSA BSAFE Crypto-J, versions prior to 6.2.2

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved