CVE-2017-2585 - OpenCVE

Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Single Sign On Keycloak Enterprise Linux Server

Configuration 1 [-]

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:redhat:single_sign_on:7.1:::::::*
	cpe:2.3:a:redhat:single_sign_on:7.2:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2017-0876.html	Vendor Advisory
http://www.securityfocus.com/bid/97393	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038180	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:0872	Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:0873	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1412376	Issue Tracking

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-04-04T00:00:00

Updated: 2018-03-13T09:57:01

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2585

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-03-12T15:29:00.397

Modified: 2018-04-12T15:14:13.500

Link: CVE-2017-2585

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "keycloak", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "2.5.1"}]}], "datePublic": "2017-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks."}], "problemTypes": [{"descriptions": [{"description": "None", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-13T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:0876", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"}, {"name": "1038180", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038180"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412376"}, {"name": "97393", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97393"}, {"name": "RHSA-2017:0873", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0873"}, {"name": "RHSA-2017:0872", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0872"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-04-04T00:00:00", "ID": "CVE-2017-2585", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "keycloak", "version": {"version_data": [{"version_value": "2.5.1"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "None"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:0876", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"}, {"name": "1038180", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038180"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412376", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412376"}, {"name": "97393", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97393"}, {"name": "RHSA-2017:0873", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:0873"}, {"name": "RHSA-2017:0872", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:0872"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2585", "datePublished": "2017-04-04T00:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2018-03-13T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2C6178C-0196-42C2-9947-777F4F397D9D", "versionEndExcluding": "2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "11FE6021-DBE7-4FFD-B021-F97EF80BDEEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign_on:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0AB839F9-8CE2-4EAE-90F2-2CA55742957E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks."}, {"lang": "es", "value": "Red Hat Keycloak, en versiones anteriores a la 2.5.1, tiene una implementaci\u00f3n de la verificaci\u00f3n HMAC para los tokens JWS que emplea un m\u00e9todo que se ejecuta en tiempo no constante, lo que podr\u00eda hacer que la aplicaci\u00f3n sea vulnerable a ataques de sincronizaci\u00f3n."}], "id": "CVE-2017-2585", "lastModified": "2018-04-12T15:14:13.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-12T15:29:00.397", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97393"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038180"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0872"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0873"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412376"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}