CVE-2016-0270
 
Public Exploits: 0
Descriptions
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
Timeline
- 2015-12-08 CVE Reserved
- 2017-02-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (7)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96062 | Third Party Advisory | |
http://www.securitytracker.com/id/1037795 | Vdb Entry | |
https://github.com/nonce-disrespect/nonce-disrespect | Third Party Advisory | |
https://support.citrix.com/article/CTX220329 | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21979604 | 2017-11-15 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21979669 | 2017-11-15 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21979673 | 2017-11-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
IBM | Client Application Access | 1.0.0.1 | - | Affected |
IBM | Domino | 9.0.1.3 | - | Affected |
IBM | Domino | 9.0.1.4 | - | Affected |
IBM | Domino | 9.0.1.5 | - | Affected |
IBM | Notes | 9.0.1.3 | - | Affected |
IBM | Notes | 9.0.1.4 | - | Affected |
IBM | Notes | 9.0.1.5 | - | Affected |