Key Management Errors
CVE-2018-7559
Summary
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-320 - Key Management Errors
Weaknesses in this category are related to errors in the management of cryptographic keys.
References
Advisory Timeline
- Published