Re: CVE-2013-4353 and CVSS v2 vector with Authentication set to None

2014-01-28 Thread Amarendra Godbole
Sorry folks - I was fixated on something else to see the obvious.

-Amarendra

On Sun, Jan 26, 2014 at 10:22 AM, Amarendra Godbole wrote:
> Hi,
>
> I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
> parameter to N [1]. From what I understand, the culprit code is called
> in the Server Finish message of the handshake, which is the last step
> - by this time the client has authenticated the server (step 3). So
> why does the CVSS vector mention authentication to be None?
>
> Thanks.
>
> -ag
>
> [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353
>  CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


CVE-2013-4353 and CVSS v2 vector with Authentication set to None

2014-01-27 Thread Amarendra Godbole
Hi,

I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
parameter to N [1]. From what I understand, the culprit code is called
in the Server Finish message of the handshake, which is the last step
- by this time the client has authenticated the server (step 3). So
why does the CVSS vector mention authentication to be None?

Thanks.

-ag

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353
 CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P)


CVE-2013-4353 and CVSS v2 vector with Authentication set to None

2014-01-26 Thread Amarendra Godbole
Hi,

I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
parameter to N [1]. From what I understand, the culprit code is called
in the Server Finish message of the handshake, which is the last step
- by this time the client has authenticated the server (step 3). So
why does the CVSS vector mention authentication to be None?

Thanks.

-ag

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353
 CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P)