Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96172 | Third Party Advisory VDB Entry |
https://github.com/nonce-disrespect/nonce-disrespect | Third Party Advisory |
https://support.radware.com/app/answers/answer_view/a_id/18456 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-02-08T16:00:00
Updated: 2017-02-28T10:57:01
Reserved: 2017-02-08T00:00:00
Link: CVE-2016-10212
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-02-08T16:59:00.180
Modified: 2017-03-02T16:12:41.663
Link: CVE-2016-10212
JSON object: View
Redhat Information
No data.
CWE