CVE Vulnerabilities

CVE-2010-4252

Improper Authentication

Published: Dec 06, 2010 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
7.5 IMPORTANT
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Openssl Openssl 0.9.1c 0.9.1c
Openssl Openssl 0.9.2b 0.9.2b
Openssl Openssl 0.9.3 0.9.3
Openssl Openssl 0.9.3a 0.9.3a
Openssl Openssl 0.9.4 0.9.4
Openssl Openssl 0.9.5 0.9.5
Openssl Openssl 0.9.5 0.9.5
Openssl Openssl 0.9.5 0.9.5
Openssl Openssl 0.9.5a 0.9.5a
Openssl Openssl 0.9.5a 0.9.5a
Openssl Openssl 0.9.5a 0.9.5a
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6b 0.9.6b
Openssl Openssl 0.9.6c 0.9.6c
Openssl Openssl 0.9.6d 0.9.6d
Openssl Openssl 0.9.6e 0.9.6e
Openssl Openssl 0.9.6f 0.9.6f
Openssl Openssl 0.9.6g 0.9.6g
Openssl Openssl 0.9.6h 0.9.6h
Openssl Openssl 0.9.6i 0.9.6i
Openssl Openssl 0.9.6j 0.9.6j
Openssl Openssl 0.9.6k 0.9.6k
Openssl Openssl 0.9.6l 0.9.6l
Openssl Openssl 0.9.6m 0.9.6m
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7a 0.9.7a
Openssl Openssl 0.9.7b 0.9.7b
Openssl Openssl 0.9.7c 0.9.7c
Openssl Openssl 0.9.7d 0.9.7d
Openssl Openssl 0.9.7e 0.9.7e
Openssl Openssl 0.9.7f 0.9.7f
Openssl Openssl 0.9.7g 0.9.7g
Openssl Openssl 0.9.7h 0.9.7h
Openssl Openssl 0.9.7i 0.9.7i
Openssl Openssl 0.9.7j 0.9.7j
Openssl Openssl 0.9.7k 0.9.7k
Openssl Openssl 0.9.7l 0.9.7l
Openssl Openssl 0.9.7m 0.9.7m
Openssl Openssl 0.9.8 0.9.8
Openssl Openssl 0.9.8a 0.9.8a
Openssl Openssl 0.9.8b 0.9.8b
Openssl Openssl 0.9.8c 0.9.8c
Openssl Openssl 0.9.8d 0.9.8d
Openssl Openssl 0.9.8e 0.9.8e
Openssl Openssl 0.9.8f 0.9.8f
Openssl Openssl 0.9.8g 0.9.8g
Openssl Openssl 0.9.8h 0.9.8h
Openssl Openssl 0.9.8i 0.9.8i
Openssl Openssl 0.9.8j 0.9.8j
Openssl Openssl 0.9.8k 0.9.8k
Openssl Openssl 0.9.8l 0.9.8l
Openssl Openssl 0.9.8m 0.9.8m
Openssl Openssl 0.9.8n 0.9.8n
Openssl Openssl 0.9.8o 0.9.8o
Openssl Openssl 0.9.8p 0.9.8p
Openssl Openssl 1.0.0 1.0.0
Openssl Openssl 1.0.0 1.0.0
Openssl Openssl 1.0.0 1.0.0
Openssl Openssl 1.0.0 1.0.0
Openssl Openssl 1.0.0 1.0.0
Openssl Openssl 1.0.0 1.0.0
Openssl Openssl 1.0.0a 1.0.0a
Openssl Openssl * 1.0.0b

Potential Mitigations

References