CVE - CVE-2016-0270

CVE-ID
CVE-2016-0270	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:96062 URL:http://www.securityfocus.com/bid/96062 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21979604 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21979669 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21979673 CONFIRM:https://support.citrix.com/article/CTX220329 MISC:https://github.com/nonce-disrespect/nonce-disrespect SECTRACK:1037795 URL:http://www.securitytracker.com/id/1037795
Assigning CNA
IBM Corporation
Date Record Created
20151208	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20151208)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)