SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability

Information

Severity

Low

Family

SSL and TLS

CVSSv2 Base

2.6

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Solution Type

Vendor Patch

Created

6 years ago

Modified

5 years ago

Summary

OpenSSL is installed on this host and is prone to a padding oracle attack.

Insight

The vulnerability arises because memory allocation is not considered during a certain padding check.

Affected Software

OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h.

Detection Method

Send an encrypted padded message and check the returned alert (Record Overflow if vulnerable, Bad Record MAC if not vulnerable).

Solution

OpenSSL 1.0.2 users should upgrade to 1.0.2h. OpenSSL 1.0.1 users should upgrade to 1.0.1t.

Common Vulnerabilities and Exposures (CVE)