An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
References
Link | Resource |
---|---|
https://github.com/SmallTown123/details-for-CVE-2022-46505 | Exploit Third Party Advisory |
https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0 | Permissions Required Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-01-18T00:00:00
Updated: 2023-01-18T00:00:00
Reserved: 2022-12-05T00:00:00
Link: CVE-2022-46505
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-01-18T16:15:11.320
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-46505
JSON object: View
Redhat Information
No data.
CWE