CVE-2016-0270 Information
Description
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.securityfocus.com/bid/96062
http://www.securitytracker.com/id/1037795
http://www-01.ibm.com/support/docview.wss?uid=swg21979604
http://www-01.ibm.com/support/docview.wss?uid=swg21979669
http://www-01.ibm.com/support/docview.wss?uid=swg21979673
https://github.com/nonce-disrespect/nonce-disrespect
https://support.citrix.com/article/CTX220329
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.9
Base Severity
MEDIUM