漏洞标题
N/A
漏洞描述信息
EMC RSA BSAFE Crypto-J版本在6.2.2之前具有一个PKCS#12计时攻击漏洞。攻击者可以通过修改一个已知有完整性MAC的PKCS#12文件来执行可能的计时攻击。然后,攻击者可以将修改后的PKCS#12文件提交到工具包中,逐一猜测当前MAC的字节。这是因为Crypto-J使用非恒定时间方法比较存储的MAC和计算的MAC。这种漏洞与CVE-2015-2601中描述的问题相似。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
EMC RSA BSAFE Crypto-J 信息泄露漏洞
漏洞描述信息
EMC RSA BSAFE Crypto-J是美国易安信(EMC)公司的一个加密工具包,它可以为开发人员提供向其应用程序添加隐私和身份验证功能的工具。 EMC RSA BSAFE Crypto-J 6.2.2之前的版本存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。
CVSS信息
N/A
漏洞类别
信息泄露