CVE-2016-8217

Published: Feb 3, 2017Modified: May 13, 2026

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.

Affected (1)

Products: Dell: Bsafe Crypto J

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Bsafe Crypto J	Before 6.2.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/archive/1/540066/30/0/threaded

Source: security_alert@emc.com

Mailing ListThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/95831

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037732

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/540066/30/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/95831

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037732

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.