CVE-2010-4252

OpenSSL < 1.0.0c - Authentication Bypass (J-PAKE)

Title source: rule

Description

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

J-PAKE is not compiled into OpenSSL by default; only builds configured with the experimental J-PAKE option are exposed. The missing validation concerns the peer's public values g^x3 and g^x4 received in the first round: the vulnerable code accepted any value that came with a verifiable Schnorr proof, including g^x4 = 1 (exponent zero), for which the proof is trivially valid. With that value the session key derived in the final round no longer depends on the shared secret, so a peer who never knew it computes the same key as the honest side. The fix in 1.0.0c rejects public values that are not elements of the order-q subgroup and additionally rejects g^x4 = 1.
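The failure mode described above, as an added worked example that is not OpenSSL's code: a toy J-PAKE exchange in Python over a tiny Schnorr group constructed here. A peer that sends g^x4 = 1 (exponent zero, which still carries a valid Schnorr proof) drives both sides to the same session key without knowing the shared secret, while the subgroup and g^x4 != 1 checks, an assumed reconstruction of the 1.0.0c validation, reject the same message in step 1. The group parameters, the hash-to-exponent function, the party names, the fixed exponents and the `Party`/`run` helpers are all illustrative assumptions.

```python
"""Toy J-PAKE exchange reproducing the CVE-2010-4252 failure mode (constructed example, not OpenSSL code)."""
import hashlib
from dataclasses import dataclass

# Toy Schnorr group, constructed for illustration: G has prime order Q modulo P. Far too small for real use.
P, Q, G = 23, 11, 4


def H(*parts):
    """Toy Fiat-Shamir challenge: hash the transcript pieces to an exponent in [0, Q)."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


@dataclass
class ZKP:
    gr: int  # base^r
    b: int   # r - x*h (mod Q)


def zkp_prove(base, x, sender_id):
    """Schnorr proof of knowledge of x for gx = base^x. Nonce is derived deterministically (toy only)."""
    gx = pow(base, x, P)
    r = H("nonce", base, x, sender_id) or 1
    gr = pow(base, r, P)
    b = (r - x * H(base, gr, gx, sender_id)) % Q
    return gx, ZKP(gr, b)


def zkp_verify(base, gx, proof, sender_id):
    """Checks base^b * gx^h == base^r. Note that x = 0 (gx = 1) yields a perfectly valid proof."""
    h = H(base, proof.gr, gx, sender_id)
    return (pow(base, proof.b, P) * pow(gx, h, P)) % P == proof.gr


def is_legal(gx):
    """Subgroup membership: 0 < gx < P and gx^Q == 1 (mod P). Assumed reconstruction of the 1.0.0c check."""
    return 0 < gx < P and pow(gx, Q, P) == 1


class Party:
    """One J-PAKE endpoint. 'validate' toggles the public-value checks that the vulnerable versions lacked."""

    def __init__(self, ident, secret, x_a, x_b, validate):
        self.id, self.s, self.xa, self.xb, self.validate = ident, secret % Q, x_a % Q, x_b % Q, validate

    def step1(self):
        self.gxa, pa = zkp_prove(G, self.xa, self.id)   # g^x1 (or g^x3) with ZKP
        self.gxb, pb = zkp_prove(G, self.xb, self.id)   # g^x2 (or g^x4) with ZKP
        return self.id, self.gxa, pa, self.gxb, pb

    def step1_process(self, msg):
        peer, gxc, pc, gxd, pd = msg
        if self.validate:
            if not (is_legal(gxc) and is_legal(gxd)):
                raise ValueError("peer public value is not in the order-Q subgroup")
            if gxd == 1:                                  # the key collapses when g^x4 == 1
                raise ValueError("peer g^x4 is 1")
        if not (zkp_verify(G, gxc, pc, peer) and zkp_verify(G, gxd, pd, peer)):
            raise ValueError("bad step-1 ZKP")
        self.gxc, self.gxd = gxc, gxd

    def step2(self):
        base = (self.gxa * self.gxc * self.gxd) % P      # g^(x1+x3+x4)
        self.xbs = (self.xb * self.s) % Q                 # x2*s, the only place the secret enters
        val, proof = zkp_prove(base, self.xbs, self.id)
        return self.id, val, proof

    def step2_process(self, msg):
        peer, val, proof = msg
        base = (self.gxa * self.gxb * self.gxc) % P      # the peer's base, g^(x1+x2+x3)
        if not zkp_verify(base, val, proof, peer):
            raise ValueError("bad step-2 ZKP")
        # K = (val / (g^x4)^(x2*s))^x2 = g^((x1+x3)*x2*x4*s); OpenSSL hashes this value, the toy returns it raw
        inv = pow(pow(self.gxd, self.xbs, P), -1, P)
        return pow(val * inv % P, self.xb, P)


def run(a, b):
    """Drive one exchange and return (K_a, K_b). Raises ValueError if a side rejects a message."""
    m1a, m1b = a.step1(), b.step1()
    a.step1_process(m1b)
    b.step1_process(m1a)
    m2a, m2b = a.step2(), b.step2()
    return a.step2_process(m2b), b.step2_process(m2a)


if __name__ == "__main__":
    # Honest peers sharing secret 5 agree; a peer holding the wrong secret (6) does not.
    print(run(Party("alice", 5, 3, 7, True), Party("bob", 5, 2, 9, True)))
    print(run(Party("alice", 5, 3, 7, True), Party("bob", 6, 2, 9, True)))
    # Vulnerable Alice: Mallory sends g^x4 = 1 with a valid proof and only a guess (9) at the secret.
    print(run(Party("alice", 5, 3, 7, False), Party("mallory", 9, 2, 0, False)))
    # Fixed Alice rejects the same first-round message.
    try:
        run(Party("alice", 5, 3, 7, True), Party("mallory", 9, 2, 0, False))
    except ValueError as e:
        print("rejected:", e)
```

The point to take from the run is that nothing in the Schnorr proofs fails for the attacker: a proof of knowledge of the exponent 0 is valid, so the proof alone cannot enforce that x4 lies in [1, q-1]. The range check on the received public value is a separate, mandatory step, which is exactly what the vulnerable versions omitted.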

Scores

EPSS 0.0180
EPSS Percentile 82.6%

Classification

CWE
CWE-287 (Improper Authentication)
Status draft

Affected Products (50)

openssl/openssl < 1.0.0c (1.0.0 through 1.0.0b, J-PAKE-enabled builds only)
... and 35 more

Timeline

Published Dec 06, 2010
Tracked Since Feb 18, 2026