PKCS#12 Timing Attack Vulnerability in EMC RSA BSAFE Crypto-J
CVE-2016-8217
CVSS score: 3.7 (LOW)
What is CVE-2016-8217?
The EMC RSA BSAFE Crypto-J library, prior to version 6.2.2, is susceptible to a timing attack via manipulated PKCS#12 files. Crypto-J compares the integrity MAC of a PKCS#12 file using a non-constant-time method, so the time taken to reject a forged file depends on how many leading bytes of the MAC were correct. An attacker who can submit crafted PKCS#12 files and measure the response time can therefore guess the integrity MAC byte by byte, potentially compromising sensitive data. The flaw resembles previously documented timing weaknesses of the same kind, underscoring the need for constant-time comparison in secure coding and for timely updates.
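The comparison pattern behind the flaw and its constant-time replacement, as an added example written for this page (it is not Crypto-J code and not from the advisory). It assumes the PKCS#12 default integrity MAC, HMAC-SHA1 over the AuthenticatedSafe bytes, and passes a constructed MAC key directly instead of deriving it from the password with the PKCS#12 KDF.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class Pkcs12MacCheck {
    // Vulnerable pattern: returns at the first mismatching byte, so the time
    // taken to reject a forged MAC reveals how many leading bytes were right.
    static boolean compareEarlyExit(byte[] expected, byte[] actual) {
        if (expected.length != actual.length) return false;
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != actual[i]) return false;
        }
        return true;
    }

    // Mitigation: MessageDigest.isEqual examines every byte in current JDKs,
    // so the elapsed time does not depend on where the first mismatch lies.
    static boolean compareConstantTime(byte[] expected, byte[] actual) {
        return MessageDigest.isEqual(expected, actual);
    }

    // Recompute the integrity MAC over the AuthenticatedSafe content.
    // Assumption: the MAC key is supplied directly (constructed for the example);
    // a real PKCS#12 reader derives it from the password with the PKCS#12 KDF.
    static byte[] computeMac(byte[] macKey, byte[] authSafe) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(macKey, "HmacSHA1"));
        return mac.doFinal(authSafe);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for a parsed PKCS#12 file.
        byte[] key = "constructed-mac-key".getBytes(StandardCharsets.US_ASCII);
        byte[] authSafe = "constructed AuthenticatedSafe DER bytes".getBytes(StandardCharsets.US_ASCII);
        byte[] storedMac = computeMac(key, authSafe);

        // A tampered file carries a MAC that differs only in its last byte:
        // the early-exit compare runs almost to the end before rejecting it.
        byte[] tamperedMac = storedMac.clone();
        tamperedMac[tamperedMac.length - 1] ^= 0x01;

        byte[] recomputed = computeMac(key, authSafe);
        System.out.println("genuine, early-exit:    " + compareEarlyExit(recomputed, storedMac));
        System.out.println("tampered, early-exit:   " + compareEarlyExit(recomputed, tamperedMac));
        System.out.println("genuine, constant-time: " + compareConstantTime(recomputed, storedMac));
        System.out.println("tampered, constant-time:" + compareConstantTime(recomputed, tamperedMac));
    }
}
```

Both methods return the same booleans; the difference is only in timing, which is why the defect is invisible to functional tests and must be caught by review or a timing harness.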
Affected Version(s)
RSA BSAFE Crypto-J, versions prior to 6.2.2