virus logo FortiClient Vulnerability

OpenSSL CVE-2016-2178 Information Disclosure Vulnerability

description-logoDescription

Severity: LowOperations in the DSA signing algorithm should run in constant time in order toavoid side channel attacks. A flaw in the OpenSSL DSA implementation means thata non-constant time codepath is followed for certain operations. This has beendemonstrated through a cache-timing attack to be sufficient for an attacker torecover the private DSA key.OpenSSL 1.0.2 users should upgrade to 1.0.2iOpenSSL 1.0.1 users should upgrade to 1.0.1uThis issue was reported to OpenSSL on 23rd May 2016 by Csar Pereida (AaltoUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2016-2178

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39869
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL