Vulnerabilities > CVE-2016-4379 - Cryptographic Issues vulnerability in HP Integrated Lights-Out 3 Firmware
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | CGI abuses |
NASL id | ILO_HPSBHF_03641.NASL |
description | An information disclosure vulnerability exists in iLO 3 before firmware version 1.88 due to an improper use of a MAC protection mechanism in conjunction with CBC padding in its TLS implementation. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 122244 |
published | 2019-02-15 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/122244 |
title | iLO 3 < 1.88 Information Disclosure Vulnerability |
code |
|
References
- http://www.securityfocus.com/bid/92696
- http://www.securityfocus.com/bid/92696
- http://www.securitytracker.com/id/1036707
- http://www.securitytracker.com/id/1036707
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249760
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249760
- https://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf
- https://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf