
CVE ID: CVE-2010-4252
Description: OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Test IDs: 1.3.6.1.4.1.25623.1.0.105400, 1.3.6.1.4.1.25623.1.0.112949, 1.3.6.1.4.1.25623.1.0.112950
Cross References:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2010-4252
BugTraq ID: 45163
http://www.securityfocus.com/bid/45163
HP Security Advisory: HPSBOV02670
http://marc.info/?l=bugtraq&m=130497251507577&w=2
HP Security Advisory: HPSBUX02638
http://marc.info/?l=bugtraq&m=129916880600544&w=2
HP Security Advisory: SSRT100339
http://marc.info/?l=bugtraq&m=129916880600544&w=2
HP Security Advisory: SSRT100475
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
https://github.com/seb-m/jpake
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039
http://securitytracker.com/id?1024823
http://secunia.com/advisories/42469
http://secunia.com/advisories/57353
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122




© 1998-2024 E-Soft Inc. All rights reserved.