A vulnerability in the IBM Domino TLS server’s Diffie-Hellman parameter validation could potentially be exploited in a small subgroup attack which could result in a less secure connection. An attacker may be able to exploit this vulnerability to obtain user authentication credentials.
CVE(s): CVE-2016-6087
Affected product(s) and affected version(s):
IBM Domino 9.0.1 through 9.0.1 Fix Pack 7 Interim Fix 2
IBM Domino 9.0 through 9.0 Interim Fix 7
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 17
IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
IBM Domino 8.5.1 through 8.5.1 Fix Pack 5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2rnekpz
X-Force Database: http://ift.tt/2qJsjZY
The post IBM Security Bulletin: IBM Domino TLS server Diffie-Hellman key validation vulnerability (CVE-2016-6087) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2rsMyIx
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.