seb-m/jpake

seb-m/jpake

Releases0

Stars23

Small-subgroup confinement issue in the OpenSSL and OpenSSH implementations of J-PAKE.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2010-4478 ↗	Dec 6, 2010Monday, 6 December 2010, 22:30	9.8 CRITICAL	7.5 HIGH
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
CVE-2010-4252 ↗	Dec 6, 2010Monday, 6 December 2010, 21:05	—	7.5 HIGH
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.