Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-4252

Опубликовано: 06 дек. 2010
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Версия до 1.0.0b (включая)
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

EPSS

Процентиль: 82%
0.01803
Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2010-4252

ubuntu
около 15 лет назад

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

redhat логотип

CVE-2010-4252

redhat
около 15 лет назад

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

debian логотип

CVE-2010-4252

debian
около 15 лет назад

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly valid ...

github логотип

GHSA-4wx9-m243-hr54

github
больше 3 лет назад

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

fstec логотип

BDU:2015-09418

CVSS3: 7.3
fstec
больше 14 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 82%
0.01803
Низкий

7.5 High

CVSS2

Дефекты

CWE-287