TLS Padding Oracle in MatrixSSL - CVE-2016-6883

Published: January 3, 2024


Vulnerability identifier: #VU84951
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6883
CWE-ID: CWE-310
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
MatrixSSL
Software vendor:
InsideSecure

Description

The vulnerability allows a remote attacker to decrypt TLS traffic.

The vulnerability exists due to an error in the TLS implementation. A remote attacker who is able to establish a large number of TLS connections to the target server can mount an adaptive chosen-ciphertext attack against RSA encryption and gain access to sensitive information.

The attack is known as "ROBOT" (Return Of Bleichenbacher's Oracle Threat).


Remediation

Install the update from the vendor's website.

External links