CVE-2024-41996

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
Configurations

No configuration.

History

26 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-295

26 Aug 2024, 12:47

Type Values Removed Values Added
Summary
  • (es) Validar el orden de las claves públicas en el Protocolo de acuerdo de claves Diffie-Hellman, cuando se utiliza un valor primario seguro aprobado, permite a atacantes remotos (desde el lado del cliente) activar cálculos de exponenciación modular DHE del lado del servidor innecesariamente costosos. El cliente puede provocar un consumo asimétrico de recursos. El escenario de ataque básico es que el cliente debe afirmar que solo puede comunicarse con DHE y el servidor debe configurarse para permitir DHE y validar el orden de la clave pública.

26 Aug 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 06:15

Updated : 2024-08-26 16:35


NVD link : CVE-2024-41996

Mitre link : CVE-2024-41996

CVE.ORG link : CVE-2024-41996


JSON object : View

Products Affected

No product.

CWE
CWE-295

Improper Certificate Validation