CVE-2006-5484

2006-10-2422:07:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.093

Percentile

94.7%

JSON

SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

Affected configurations

Nvd

Node

sshtectia_clientRange≤5.1.0

sshtectia_connectorRange≤5.1.0

sshtectia_managerRange≤2.2.0

sshtectia_serverRange≤5.1.0

VendorProductVersionCPE
sshtectia_client*cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*
sshtectia_connector*cpe:2.3:a:ssh:tectia_connector:*:*:*:*:*:*:*:*
sshtectia_manager*cpe:2.3:a:ssh:tectia_manager:*:*:*:*:*:*:*:*
sshtectia_server*cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ssh	tectia_client	*	cpe:2.3:a:ssh:tectia_client::::::::
ssh	tectia_connector	*	cpe:2.3:a:ssh:tectia_connector::::::::
ssh	tectia_manager	*	cpe:2.3:a:ssh:tectia_manager::::::::
ssh	tectia_server	*	cpe:2.3:a:ssh:tectia_server::::::::