A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.
References
| Link | Resource |
|---|---|
| http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html | Technical Description, Third Party Advisory |
| http://seclists.org/fulldisclosure/2017/Jun/44 | Mailing List, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-06-30T12:00:00
Updated: 2017-06-30T11:57:01
Reserved: 2017-06-28T00:00:00
Link: CVE-2017-10668
NVD Information
Status: Analyzed
Published: 2017-06-30T12:29:00.213
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-10668
Redhat Information
No data.
CWE