F5 Networks BIG-IP : OpenSSL vulnerability (K17382)
High Nessus Plugin ID 86330
Synopsis
The remote device is missing a vendor-supplied security patch.

Description
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. (CVE-2010-4252)

Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K17382.