PKCS#12 Timing Attack Vulnerability in EMC RSA BSAFE Crypto-J
CVE-2016-8217
What is CVE-2016-8217?
The EMC RSA BSAFE Crypto-J library, prior to version 6.2.2, is susceptible to a timing attack via manipulated PKCS#12 files. This vulnerability allows an attacker to exploit the non-constant-time MAC comparison method implemented in Crypto-J, enabling them to iteratively guess the integrity MAC byte by byte, potentially compromising sensitive data. The flaw resembles issues previously documented in similar vulnerabilities, underscoring the need for secure coding practices and timely updates.
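
The difference between an early-exit MAC check and a constant-time one, as an added Java example (not code from Crypto-J or from this advisory). The key, the content bytes, the choice of HMAC-SHA1 and the names leakyEquals and constantTimeEquals are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class MacCompareDemo {
    // Early-exit comparison (hypothetical helper): returns at the first
    // mismatching byte, so the work done depends on how many leading bytes
    // of the supplied MAC are correct. 'steps' counts loop iterations to
    // make that dependence visible without relying on wall-clock timing.
    static boolean leakyEquals(byte[] expected, byte[] supplied, int[] steps) {
        if (expected.length != supplied.length) return false;
        for (int i = 0; i < expected.length; i++) {
            steps[0]++;
            if (expected[i] != supplied[i]) return false;
        }
        return true;
    }

    // Hardened form: MessageDigest.isEqual examines every byte, so its
    // running time does not depend on where the first mismatch occurs.
    static boolean constantTimeEquals(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: stands in for the MAC key derived from
        // the PKCS#12 password and for the MAC-protected file content.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] content = "constructed PKCS#12 content"
                .getBytes(StandardCharsets.UTF_8);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] expected = mac.doFinal(content); // 20-byte integrity MAC

        // Same wrong MAC, differing only in where the first bad byte sits.
        for (int firstBad : new int[] {0, 5, 19}) {
            byte[] supplied = expected.clone();
            supplied[firstBad] ^= 0x01;
            int[] steps = {0};
            boolean leaky = leakyEquals(expected, supplied, steps);
            boolean hardened = constantTimeEquals(expected, supplied);
            System.out.printf(
                "first bad byte %2d: early-exit ran %2d iterations, "
                + "accepted=%b; constant-time accepted=%b%n",
                firstBad, steps[0], leaky, hardened);
        }
    }
}
```

Both functions reject every modified MAC; only the early-exit version does an amount of work that varies with the position of the first wrong byte, which is the signal a constant-time comparison removes.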

Affected Version(s)
RSA BSAFE Crypto-J versions prior to 6.2.2