RSA BSAFE Micro Edition Suite Covert Timing Channel Vulnerability



A vulnerability in RSA BSAFE Micro Edition Suite could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability is due to cryptographic issues in the affected software, which could be leveraged to conduct Bleichenbacher-style covert timing channel attacks. An attacker who can capture traffic between the targeted system and another system or between a user and the targeted system could exploit this vulnerability to access sensitive information, such as RSA keys. A successful exploit could be used to conduct further attacks.

RSA has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-11057

Source:: Cisco Multivendor Vulnerability Alerts