Advisory ID

12265

Release date

2016-03-02

Last Updated

2016-03-02

Issue Severity

No Impact

 

Source

Source

OpenSSL.org

Release date

2016-03-01

CVSS v2 Base Score

Low

Problem Description

SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: An attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection.

Find more about CVE-2016-0798 from MITRE CVE directory.

Impact

None.

Affected Products

None of the FoxT products support SRP authentication and they are therefore not affected by this vulnerability.

Workaround

N/A.

Obtaining Fixed Software

N/A.

External References

OpenSSL Security Advisory.










Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: April 16, 2019