Bug 1330179 (CVE-2016-3702)
| Summary: | CVE-2016-3702 cfme: vulnerable to padding oracle attack against AES-256-CBC | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Ján Rusnačko <jrusnack> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | cpelland, dajohnso, dclarizi, gblomqui, gmccullo, gtanzill, hhudgeon, jfrey, jhardy, jprause, jrafanie, kseifried, nobody, obarenbo, roliveri, security-response-team, simaishi, slukasik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A padding oracle flaw was found in the encryption of sensitive information stored within the backend database used by CloudForms. An attacker able to submit forged cipher texts could observe the results of encryption and determine information that could, in turn, lead to the disclosure of encrypted data within the database.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-20 03:54:30 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1366330 | ||
| Bug Blocks: | 1330182 | ||
|
Description
Ján Rusnačko
2016-04-25 14:29:51 UTC
Acknowledgments: Name: Travis Scheponik (Red Hat) Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. |