CVE-2010-4252

critical

Description

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039

https://github.com/seb-m/jpake

https://bugzilla.redhat.com/show_bug.cgi?id=659297

http://www.vupen.com/english/advisories/2010/3122

http://www.vupen.com/english/advisories/2010/3120

http://www.securityfocus.com/bid/45163

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471

http://securitytracker.com/id?1024823

http://secunia.com/advisories/57353

http://secunia.com/advisories/42469

http://openssl.org/news/secadv_20101202.txt

http://marc.info/?l=bugtraq&m=130497251507577&w=2

http://marc.info/?l=bugtraq&m=129916880600544&w=2

http://cvs.openssl.org/chngview?cn=20098

Details

Source: Mitre, NVD

Published: 2010-12-06

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical