5 matches found
EUVD-2010-3319
Malware in sbrugna...
Padding Oracle Crypto Research Prompts Confusion, Dissenting Opinions on Severity
Few things tend to spark debates and controversy in the security community like a new piece of cryptographic research. The paper by a group of academic researchers on an improvement to a padding oracle attack on certain hardware security tokens publicized this week is no different, with RSA...
CVE-2010-3321
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...
CVE-2010-3321
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...
CVE-2010-3321
Summary: CVE-2010-3321 affects RSA Authentication Client 2.0.x, 3.0, and 3.5.x prior to 3.5.3 when used with RSA SecurID 800 authenticators. The secret key objects stored on the authenticator can be extracted due to the PKCS#11 objects being tagged as SENSITIVE and NON-EXTRACTABLE, which should p...