ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities

ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities

EMC Identifier:  ESA-2016-094

CVE Identifier:  CVE-2016-0923, CVE-2016-0924
 
Affected Products:
• RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5
• RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.9
 
Unaffected Products:
• RSA BSAFE Micro Edition Suite (MES) 4.1.5
• RSA BSAFE Micro Edition Suite (MES) 4.0.9
• RSA BSAFE SSL-C all versions
 
Summary:
RSA announces security fixes to RSA BSAFE Micro Edition Suite designed to address Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH) attack on TLS 1.2.
 
Details:
• Incorrectly ordered signature algorithm list vulnerability - CVE-2016-0923
A client application using BSAFE MES will send the signature algorithms list in ascending order of strength. If the server selects the first signature algorithm from the list, the connection might be compromised because of the negotiation of weak algorithms.
CVSS v3 Base Score: 4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

• SLOTH Vulnerability - CVE-2016-0924
For TLS 1.2 capable toolkits an attack is carried out by forcing a hash-construction downgrade to MD5 thus reducing expected security during a TLS connection. This class of attack is called “transcript collision”. The attack relies on the use of an obsolete hash construction such as MD5 in TLS 1.2. (Similar to CVE-2015-7575).
CVSS v3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U//C:H/I:N/A:N)
 
Recommendation:
• RSA BSAFE Micro Edition Suite (MES) 4.1.5
• RSA BSAFE Micro Edition Suite (MES) 4.0.9

RSA recommends affected customers upgrade to the versions listed above at the earliest opportunity.

The following workaround is available for CVE-2016-0924:
One option is to operate in FIPS 140 mode. Note that this means using FIP140 mode instead of FIPS 140 SSL mode. RSA-MD5 is not available in FIPS mode.