ALT-PU-2017-1187-1
Closed vulnerabilities
Published: 2016-08-24
BDU:2019-04216
Уязвимость программного обеспечения OpenVPN, связанная с проблемами использования шифрования с 64-битным блоком, позволяющая нарушителю восстановить исходное сообщение
Severity: MEDIUM (5.9)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2017-02-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-6329
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- 92631
- 92631
- 1036695
- 1036695
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
- http://www-01.ibm.com/support/docview.wss?uid=swg21991482
- http://www-01.ibm.com/support/docview.wss?uid=swg21991482
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
- https://community.openvpn.net/openvpn/wiki/SWEET32
- https://community.openvpn.net/openvpn/wiki/SWEET32
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
- GLSA-201611-02
- GLSA-201611-02
- https://sweet32.info/
- https://sweet32.info/
Closed bugs
Проблема openvpn 2.3.12 при подключении через static key