Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-4252

Disclosure Date: December 06, 2010
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

Technical Analysis