Vulnerability Description
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | <= 1.0.0b |
Related Weaknesses (CWE)
References
- http://cvs.openssl.org/chngview?cn=20098Patch
- http://marc.info/?l=bugtraq&m=129916880600544&w=2
- http://marc.info/?l=bugtraq&m=130497251507577&w=2
- http://openssl.org/news/secadv_20101202.txt
- http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdfExploit
- http://secunia.com/advisories/42469Vendor Advisory
- http://secunia.com/advisories/57353
- http://securitytracker.com/id?1024823
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
- http://www.securityfocus.com/bid/45163
- http://www.vupen.com/english/advisories/2010/3120Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3122Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=659297Patch
- https://github.com/seb-m/jpakePatch
FAQ
What is CVE-2010-4252?
CVE-2010-4252 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared sec...
How severe is CVE-2010-4252?
CVE-2010-4252 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4252?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl.