CVE-2016-3702: Infoleak
First published: Mon Apr 25 2016(Updated: )
Internally CFME uses AES-256-CBC encryption to encrypt important data before it is saved in the database. This encryption mode is vulnerable to padding oracle attack and CFME does allow attacker to submit forged ciphertexts for encryption and observe the result.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Cloudforms Management Engine | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3702
- vendor/redhat
- canonical/redhat cloudforms management engine
- version/redhat cloudforms management engine/5.0