CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications

Weakness

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Affected Software

Potential Mitigations

• Common protection mechanisms include:

• Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].

• Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/16.html
• https://cwe.mitre.org/data/definitions/49.html
• https://cwe.mitre.org/data/definitions/560.html
• https://cwe.mitre.org/data/definitions/565.html
• https://cwe.mitre.org/data/definitions/600.html
• https://cwe.mitre.org/data/definitions/652.html
• https://cwe.mitre.org/data/definitions/653.html

References

• http://www.openwall.com/lists/oss-security/2013/07/01/1
• http://www.securityfocus.com/bid/60868
• http://www.securitytracker.com/id/1028717
• https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2228
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2228
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85372
• https://security-tracker.debian.org/tracker/CVE-2013-2228
• http://www.openwall.com/lists/oss-security/2013/07/01/1
• http://www.securityfocus.com/bid/60868
• http://www.securitytracker.com/id/1028717
• https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2228
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2228
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85372
• https://security-tracker.debian.org/tracker/CVE-2013-2228