CVE-2016-2107 AES-NI CBC MAC Check

search cancel

CVE-2016-2107 AES-NI CBC MAC Check

book

Article ID: 382748

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

External Vulnerability scan returns the following on PAM nodes:

The Exploit-DB
Reference: CVE-2016-2107
Description: OpenSSL - Padding Oracle in AES-NI CBC MAC Check - The Exploit-DB Ref : 39768

exploitdb
Reference: CVE-2016-2107
Description: OpenSSL - Padding Oracle in AES-NI CBC MAC Check

Reference: CVE-2016-2107
Description: OpenSSL - Weak KDF

0day.today
Reference: CVE-2016-2107
Description: OpenSSL - Padding Oracle in AES-NI CBC MAC Check

github-exploits
Reference: CVE-2016-2107
Description: FiloSottile/CVE-2016-2107 exploit repository

Environment

Privileged Access Management
4.1.6

Resolution

These Ciphers are not used in PAM and mitm attack is not possible in PAM. Confirmed by the PAM Engineering team. PAM is not vulnerable.

If you have further questions or concerns, please open a case with support and reference this knowledge article.

Feedback

thumb_up Yes

thumb_down No