// For flags

CVE-2016-0923

RSA BSAFE Micro Edition Suite SLOTH Updates

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.

El cliente en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.9 y 4.1.x en versiones anteriores a 4.1.5 sitúa los algoritmos mas débiles primero en una lista de firma de algoritmos transmitidos a un servidor, lo que facilita a atacantes remotos vencer mecanismos de protección criptográfica mediante el aprovechamiento del comportamiento del servidor en el que se usa el primer algoritmo.

RSA announces security fixes to RSA BSAFE Micro Edition Suite designed to address Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH) attack on TLS 1.2. RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5 and all 4.0.x versions prior to 4.0.9 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-12-17 CVE Reserved
  • 2016-09-15 CVE Published
  • 2024-08-05 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CAPEC
References (3)
URL Tag Source
http://seclists.org/bugtraq/2016/Sep/25 Mailing List
http://www.securityfocus.com/bid/92994 Third Party Advisory
http://www.securitytracker.com/id/1036835 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
 Bsafe
Search vendor "Dell" for product "Bsafe"
 >= 4.0.0 < 4.0.9
Search vendor "Dell" for product "Bsafe" and version " >= 4.0.0 < 4.0.9"
micro_edition_suite
Affected
Dell
Search vendor "Dell"
 Bsafe
Search vendor "Dell" for product "Bsafe"
 >= 4.1.0 < 4.1.5
Search vendor "Dell" for product "Bsafe" and version " >= 4.1.0 < 4.1.5"
micro_edition_suite
Affected