CVE-2016-0887

Published on: 04/12/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of RSA BSAFE from EMC contain the following vulnerability:

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.

  • CVE-2016-0887 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 2.6 - LOW

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • RSA BSAFE Crypto-J 'ServerKeyExchange' Flaw Lets Remote Users Obtain Private Keys on the Target System - SecurityTracker
    Tags: Third Party Advisory, VDB Entry
    Link: www.securitytracker.com (SECTRACK 1035516)
  • RSA BSAFE Crypto-C Micro Edition 'ServerKeyExchange' Flaw Lets Remote Users Obtain Private Keys on the Target System - SecurityTracker
    Tags: Third Party Advisory, VDB Entry
    Link: www.securitytracker.com (SECTRACK 1035515)
  • RSA BSAFE Lenstra's Attack ≈ Packet Storm
    Tags: Third Party Advisory, VDB Entry
    Link: packetstormsecurity.com (MISC packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html)
  • SecurityFocus
    Tags: Third Party Advisory, VDB Entry
    Link: www.securityfocus.com (BUGTRAQ 20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability)
  • RSA BSAFE SSL-J 'ServerKeyExchange' Flaw Lets Remote Users Obtain Private Keys on the Target System - SecurityTracker
    Tags: Third Party Advisory, VDB Entry
    Link: www.securitytracker.com (SECTRACK 1035517)
  • Bugtraq: ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability
    Tags: Mailing List, Third Party Advisory
    Link: seclists.org (BUGTRAQ 20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability)

Known Affected Configurations (CPE V2.3)

Type         Vendor  Product             Version  Update  Edition  Language
Application  Emc     Rsa Bsafe           All      All     All      All
Application  Emc     Rsa Bsafe           All      All     All      All
Application  Emc     Rsa Bsafe           All      All     All      All
Application  Emc     Rsa Bsafe Crypto-c  All      All     All      All
Application  Emc     Rsa Bsafe Crypto-c  All      All     All      All
Application  Emc     Rsa Bsafe Crypto-j  All      All     All      All
Application  Emc     Rsa Bsafe Crypto-j  All      All     All      All
Application  Emc     Rsa Bsafe Ssl-c     All      All     All      All
Application  Emc     Rsa Bsafe Ssl-c     All      All     All      All
Application  Emc     Rsa Bsafe Ssl-j     All      All     All      All
Application  Emc     Rsa Bsafe Ssl-j     All      All     All      All
  • cpe:2.3:a:emc:rsa_bsafe:*:*:*:*:micro_edition_suite:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe:*:*:*:*:micro_edition_suite:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe:*:*:*:*:micro_edition_suite:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_crypto-c:*:*:*:*:micro:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_crypto-c:*:*:*:*:micro:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_crypto-j:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_crypto-j:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_ssl-c:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_ssl-c:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_ssl-j:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:emc:rsa_bsafe_ssl-j:*:*:*:*:*:*:*:*: