Vulnerabilities > CVE-2013-5391 - Cryptographic Issues vulnerability in IBM Mobile Foundation and Worklight

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

ibm

CWE-310

NVD

Published: 2018-04-27

Updated: 2018-06-04

Summary

IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Worklight 5.0.5.0 IBM Worklight 6.0.0.0 IBM Worklight 5.0.6.0 IBM Worklight 5.0.0.0 IBM Mobile Foundation 5.0.0.0 IBM Mobile Foundation 5.0.5.0 IBM Mobile Foundation 5.0.6.0 IBM Mobile Foundation 6.0.0.0	16

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References