Vulnerability details: VCID-w8mr-jycm-aaag
Vulnerability ID VCID-w8mr-jycm-aaag
Aliases CVE-2016-0701
VC-OPENSSL-20160128-CVE-2016-0701
Summary Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite.

OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk.

OpenSSL before 1.0.2f will reuse the key if:
- SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh() is used and SSL_OP_SINGLE_DH_USE is not set.
- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used, and both the parameters and the key are set and SSL_OP_SINGLE_DH_USE is not used. This is an undocumented feature and parameter files don't contain the key.
- Static DH ciphersuites are used. The key is part of the certificate and so it will always reuse it. This is only supported in 1.0.2.

It will not reuse the key for DHE cipher suites if:
- SSL_OP_SINGLE_DH_USE is set
- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used and the callback does not provide the key, only the parameters. The callback is almost always used like this.

Non-safe primes are generated by OpenSSL when using:
- genpkey with the dh_rfc5114 option. This will write an X9.42 style file including the prime-order subgroup size "q". This is supported since the 1.0.2 version. Older versions can't read files generated in this way.
- dhparam with the -dsaparam option. This has always been documented as requiring the single use.

The fix for this issue adds an additional check where a "q" parameter is available (as is the case in X9.42 based parameters). This detects the only known attack, and is the only possible defense for static DH ciphersuites. This could have some performance impact. Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact.
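The two properties the advisory turns on, whether a DH prime is "safe" (p = 2q + 1 with q prime) and whether a peer's public value lies in the order-q subgroup when q is known, can be checked directly. The following is an added example written for this page, not OpenSSL's or VulnerableCode's code. The group values in it (p = 23, p = 67, q = 11, the generator and the small-order element) are tiny constructed numbers chosen so the arithmetic is visible, not real DH groups; the check `validate_peer_public_key` mirrors the fix the advisory describes (range check always, y^q mod p == 1 when q is available) rather than reproducing OpenSSL's implementation.

```python
"""Safe-prime and subgroup-membership checks for DH parameters.

Added example; not OpenSSL code.  All group values are tiny constructed
numbers for illustration, not real DH parameters.
"""
from typing import Optional, Tuple

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (deterministic for n < 3.3e24).
    Fine for the toy sizes here; use a crypto library for real DH sizes."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """A 'safe' prime has (p - 1) / 2 prime, so the only subgroups of the
    multiplicative group are of order 1, 2, q and 2q: no small subgroups
    for an attacker to exploit beyond the trivial ones."""
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def validate_peer_public_key(y: int, p: int, q: Optional[int] = None) -> Tuple[bool, str]:
    """Check a peer's DH public value as the advisory's fix describes:
    always reject out-of-range values; when the subgroup order q is known
    (X9.42 / RFC 5114 style parameters) also require y^q mod p == 1."""
    if not 1 < y < p - 1:
        return False, "public value out of range"
    if q is not None and pow(y, q, p) != 1:
        return False, "public value not in the order-q subgroup"
    return True, "ok"


def demo() -> dict:
    """Constructed toy groups.  p = 23 is a safe prime (q = 11).  p = 67 is
    not: 66 = 2 * 3 * 11, so an order-3 subgroup exists alongside the
    order-11 subgroup an X9.42 file would advertise as q."""
    safe_p, unsafe_p, q = 23, 67, 11
    g = 64        # 2^6 mod 67, an element of order 11
    small = 37    # 2^22 mod 67, an element of order 3
    honest = pow(g, 5, unsafe_p)   # a public value from the order-11 subgroup
    return {
        "23 is safe": is_safe_prime(safe_p),
        "67 is safe": is_safe_prime(unsafe_p),
        "honest value, q known": validate_peer_public_key(honest, unsafe_p, q)[0],
        "small-order value, q known": validate_peer_public_key(small, unsafe_p, q)[0],
        "small-order value, q unknown": validate_peer_public_key(small, unsafe_p)[0],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two entries of `demo()` are the point: a small-order value passes the bare range check and is only rejected once q is available, which is why the advisory says the added check is the only possible defense for static DH ciphersuites, and why, in the absence of q, not reusing the exponent (SSL_OP_SINGLE_DH_USE, now forced on from 1.0.2f) is what removes the exposure. Parameter files generated with `dhparam` without `-dsaparam` are safe primes and `is_safe_prime` holds for them; files from `genpkey` with `dh_rfc5114` or `dhparam -dsaparam` carry a q and need the subgroup check.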
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
epss 0.08757 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
epss 0.09209 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
epss 0.11884 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
epss 0.16119 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
epss 0.24988 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
epss 0.3064 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
epss 0.36818 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
epss 0.49005 https://api.first.org/data/v1/epss?cve=CVE-2016-0701
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1301845
cvssv2 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 2.6 https://nvd.nist.gov/vuln/detail/CVE-2016-0701
cvssv3 3.7 https://nvd.nist.gov/vuln/detail/CVE-2016-0701
generic_textual Low https://www.openssl.org/news/secadv/20160128.txt
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuapr2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpuapr2020.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujan2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujan2020.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujul2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujul2020.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuoct2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpuoct2020.html
cvssv3.1 5.9 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
generic_textual MODERATE https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Reference id Reference type URL
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0701.json
https://api.first.org/data/v1/epss?cve=CVE-2016-0701
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648
https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
https://security.gentoo.org/glsa/201601-05
https://www.kb.cert.org/vuls/id/257823
https://www.openssl.org/news/secadv/20160128.txt
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.openssl.org/news/secadv/20160128.txt
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/82233
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034849
http://www.ubuntu.com/usn/USN-2883-1
1301845 https://bugzilla.redhat.com/show_bug.cgi?id=1301845
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
CVE-2016-0701 https://nvd.nist.gov/vuln/detail/CVE-2016-0701
USN-2883-1 https://usn.ubuntu.com/2883-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): complete; Integrity Impact (I): none; Availability Impact (A): none
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0701
Access Vector (AV): network; Access Complexity (AC): high; Authentication (Au): none; Confidentiality Impact (C): partial; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0701
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2020.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2020.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2020.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94798
EPSS Score 0.08757
Published At Dec. 11, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.