N/A

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.

N/A

N/A

EMC RSA BSAFE Crypto-J 信息泄露漏洞

EMC RSA BSAFE Crypto-J是美国易安信（EMC）公司的一个加密工具包，它可以为开发人员提供向其应用程序添加隐私和身份验证功能的工具。 EMC RSA BSAFE Crypto-J 6.2.2之前的版本存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。

N/A

N/A