Page 4 of 16 results (0.005 seconds)

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 hasta la versión 9.0.1 Fix Pack 5 Interim Fix 1, cuando se usa TLS y AES GCM, utiliza generación aleatoria de nonce, lo que facilita a atacantes remotos obtener la clave de autenticación y suplantar datos aprovechando la reutilización de un nonce en una sesión y un "ataque prohibido". NOTA: esta CVE ha sido usada incorrectamente para problemas de reutilización de GCM nonce en otros productos; ver CVE-2016-10213 para el problema A10, CVE-2016-10212 para el problema Radware y CVE-2017-5933 para el problema Citrix. • http://www-01.ibm.com/support/docview.wss?uid=swg21979604 http://www-01.ibm.com/support/docview.wss?uid=swg21979669 http://www-01.ibm.com/support/docview.wss?uid=swg21979673 http://www.securityfocus.com/bid/96062 http://www.securitytracker.com/id/1037795 https://github.com/nonce-disrespect/nonce-disrespect https://support.citrix.com/article/CTX220329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •