CVE-2016-6329 — MEDIUM (5.9)

Q: How severe is CVE-2016-6329?

CVE-2016-6329 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-6329?

Check the references section above for vendor advisories and patch information. Affected products include: Openvpn Openvpn.

Vulnerability Description

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Openvpn	Openvpn	<= 2.3.14

Related Weaknesses (CWE)

CWE-310 CWE-200

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697Permissions RequiredThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991482Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039Third Party Advisory
http://www.securityfocus.com/bid/92631Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036695Third Party AdvisoryVDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://community.openvpn.net/openvpn/wiki/SWEET32Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party Advisory
https://security.gentoo.org/glsa/201611-02Third Party Advisory
https://sweet32.info/Technical DescriptionThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697Permissions RequiredThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991482Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039Third Party Advisory
http://www.securityfocus.com/bid/92631Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036695Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-6329?

CVE-2016-6329 is a vulnerability with a CVSS score of 5.9 (MEDIUM). OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-ove...

How severe is CVE-2016-6329?

CVE-2016-6329 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6329?

Check the references section above for vendor advisories and patch information. Affected products include: Openvpn Openvpn.