Unrated severityNVD Advisory· Published Dec 6, 2010· Updated Apr 29, 2026
CVE-2010-4252
CVE-2010-4252
Description
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Affected products
76cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*+ 75 more
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*range: <=1.0.0b
- cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- cvs.openssl.org/chngviewnvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdfnvdExploit
- secunia.com/advisories/42469nvdVendor Advisory
- www.vupen.com/english/advisories/2010/3120nvdVendor Advisory
- www.vupen.com/english/advisories/2010/3122nvdVendor Advisory
- marc.infonvd
- marc.infonvd
- openssl.org/news/secadv_20101202.txtnvd
- secunia.com/advisories/57353nvd
- securitytracker.com/idnvd
- slackware.com/security/viewer.phpnvd
- www-01.ibm.com/support/docview.wssnvd
- www.securityfocus.com/bid/45163nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039nvd
News mentions
0No linked articles in our index yet.