Page 2 of 7 results (0.003 seconds)

CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Erlang/OTP en versiones anteriores a 18.0-rc1 no comprueba correctamente los bytes de relleno CBC cuando finaliza las conexiones, lo que hace más fácil para atacantes man-in-the-middle obtener datos en texto plano a través de un ataque padding-oracle, una variante de CVE-2014-3566 (también conocida como POODLE). • http://lists.opensuse.org/opensuse-updates/2016-02/msg00124.html http://openwall.com/lists/oss-security/2015/03/27/6 http://openwall.com/lists/oss-security/2015/03/27/9 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/73398 https://usn.ubuntu.com/3571-1 https://web.archive.org/web/20150905124006/http://www.erlang.org/news/85 https://www.imperialviolet.org/2014/12/08/poodleagain.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. El generador de números aleatorios de la aplicación Crypto en versiones anteriores a la 2.0.2.2, y SSH anteriores a 2.0.5, como es usado en la librería Erlang/OTP ssh en versiones anteriores a la R14B03, utiliza semillas predecibles basadas en la fecha actual, lo que facilita a atacantes remotos adivinar el host DSA y las claves de sesión SSH. • http://secunia.com/advisories/44709 http://www.kb.cert.org/vuls/id/178990 http://www.securityfocus.com/bid/47980 https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5 • CWE-310: Cryptographic Issues •