RSA BSAFE Crypto-J Lets Remote Users Bypass Fingerprint Based Certificate Restrictions on the Target System : 8/18/2015 3:28:06 AM

Start a FREE Trial with New Relic and we'll send you this geek-chic shirt 4 FREE
From our sponsors
 

 

Vulnerability Databse
This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

RSA BSAFE Crypto-J Lets Remote Users Bypass Fingerprint Based Certificate Restrictions on the Target System
8/18/2015 12:00:00 AM

RSA BSAFE Crypto-J Lets Remote Users Bypass Fingerprint Based Certificate Restrictions on the Target System
SecurityTracker Alert ID:  1033298
SecurityTracker URL:  http://securitytracker.com/id/1033298
CVE Reference:   CVE-2015-0534   (Links to External Site)
Date:  Aug 18 2015
Impact:   Modification of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.2
Description:   A vulnerability was reported in RSA BSAFE Crypto-J. A remote user can bypass security controls on the target system.

A remote user can modify certificate fingerprints and include specially crafted data within the unsigned portion of a certificate to bypass fingerprint-based certificate blacklist security controls on the target system.

Impact:   A remote user can bypass fingerprint-based certificate blacklist security controls on the target system.
Solution:   The vendor has issued a fix (Advisory ESA-2015-081; version 6.2).
Vendor URL:  www.rsa.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  

Message History:   None.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

Diberdayakan oleh Blogger.