Security Updates

Reporting a Security Vulnerability

If you think you have found a security vulnerability then please send it to the Gemalto Security Response Team (GSRT) [PGP]. Any email sent to the response team that does not relate to a security vulnerability will be ignored. Non-security incidents can be entered at the Gemalto Customer Portal.

WannaCry Ransomware

15 May 2017

Gemalto/SafeNet is aware of the Shadow Brokers leak (WannaCry), mainly affecting Microsoft Windows services, and documented in MS17-010, MS14-068, MS10-061, MS09-050, MS08-067, CVE-2017-3623, CVE-2017-3622, CVE-2017-0146 and CVE-2017-0147, CVE-2014-6324, CVE-2009-3103, CVE-2008-4250, CVE-2003-0694 and CVE-2003-0681.

Our security teams are carrying out an inventory of potentially affected configurations. Depending on the level of exposure of each server, patches or containments are being deployed as soon as they are made available based on information from our suppliers. At this time we do not have evidence of any remote or local exploits for this vulnerability.

SAM Client Vulnerability

19 Apr 2017

SafeNet Authentication Manager Client is deployed with ActiveX components to perform actions on the end-user filesystem and end-user tokens. This could allow an attacker to use malicious JavaScript to invoke ActiveX methods and obtain unauthorized access to the end-user file system. Further information is available at: KB0015461.

There are no known exploits of this vulnerability.

CVE-2015-2808 ARCFOUR Vulnerability

29 March 2017

CVE-2015-2808 is a CVSS medium-severity rated vulnerability that could allow a remote attacker to conduct plaintext recovery attacks by sniffing initial network traffic and then using a brute-force attack to extract the first few bytes of information of an encrypted message in plaintext.

The Gemalto Security Team has investigated the potential impact of this vulnerability to our products. Further information is available at: https://supportportal.gemalto.com/csm?id=kb_article&sys_id=b784a4b54fbdf284873b69d18110c74d. There are no known exploits of this vulnerability.

APDU Protocol Weaknesses – eTokenPRO Java/SafeSite Classic

Update 27 January 2017

The information below has been updated to reflect mitigation strategies that may also be applicable to all eToken Java-based products. This information is outlined at https://kb.safenet-inc.com/kb/link.jsp?ID=TE2888.

16 September 2016

A recent research report highlighted weaknesses in the APDU protocol used to communicate with the eToken PRO Java tokens and SafeSite Classic TPC IS V1 smartcards.

Current SafeNet authentication tokens and middleware products are not affected by this report. Customers using end of sale eToken PRO Java tokens or older versions of SafeNet Authentication Client which may be affected are advised to follow the mitigation guidelines outlined in security bulletin https://kb.safenet-inc.com/kb/link.jsp?ID=TE2697.

Customers using End of Life SafeSite Classic TPC IS V1 smartcards are advised to follow the mitigation guidelines outlined in security bulletin https://kb.safenet-inc.com/kb/link.jsp?ID=TE2698.

OpenSSL Vulnerabilities CVE-2016-2107 and CVE-2016-2108

05 May 2016

OpenSSL announced two high severity vulnerabilities on 3 May 2016: CVE-2016-2107 and CVE-2016-2108.

The Gemalto IDSS (SafeNet) Security Team is currently investigating the potential impact of these vulnerabilities to the IDSS product portfolio. At this time we do not have evidence of any remote or local exploits for this vulnerability. Further investigation updates will be posted as more information is available. Please continue to check for updates.

Multiple OpenSSL Vulnerabilities including CVE-2016-0800 (DROWN) and CVE-2016-0703 (Divide and Conquer)

Update 08 April 2016

Gemalto IDSS (SafeNet) Security Team investigation has determined that Gemalto IDSS products are not impacted by the CVE-2016-0800 (DROWN) and CVE-2016-0703 (Divide and Conquer) vulnerabilities.

1 March 2016

A number of vulnerabilities have been disclosed by OpenSSL including a high severity cross-protocol attack on TLS using SSLv2 identified as CVE-2016-0800 (DROWN) and a high severity divide-and-conquer key recovery attack identified as CVE-2016-0703 (Divide and Conquer) which can lead to a more efficient DROWN attack. A moderate severity vulnerability and multiple low severity vulnerabilities were also disclosed.

More information about these vulnerabilities is available in the OpenSSL Security Advisory at: https://www.openssl.org/news/secadv/20160301.txt.

The Gemalto IDSS (SafeNet) Security Team is currently investigating the potential impact of these vulnerabilities to our products. Further information will be posted as we have results.

SAS Privilege Escalation Vulnerability

31 March 2016

The installation of several SafeNet Authentication Service Agents is vulnerable to privilege escalation due to weak ACLs assigned in some of the installation subdirectories and executable modules. This vulnerability, if exploited, may impact the integrity and availability of the executed modules but does not have any confidentiality impact. The exploit of this vulnerability requires local access and has medium complexity for agents that reside on servers and low complexity for agents that reside on client hosts. There are no known exploits of this vulnerability.

This vulnerability has been assigned the following CVE numbers: CVE-2015-7596 through CVE-2015-7598 and CVE-2015-7961 through CVE-2015-7967.

Please log in to the SafeNet Customer Portal for additional information and available patches to address this vulnerability.

CVE-2015-7547

18 February 2016

A major vulnerability has been disclosed publicly as CVE-2015-7547 that could lead to a stack-based buffer overflow in glibc's v2.9 to v2.22 DNS resolver. More information is available from glibc developers at https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html.

The Gemalto Security Team is currently investigating the potential impact of this vulnerability to our products. Further information will be posted as we have results. We know of no attacks that use this specific vulnerability.

OpenSSH Vulnerability CVE-2016-0777/0778

Update 22 January 2016

The Gemalto IDSS (SafeNet) Security Team has investigated OpenSSH vulnerabilities CVE-2016-0777/0778. Gemalto IDSS products are not impacted by this vulnerability. There are no known exploits of this vulnerability.

15 January 2016

OpenSSH client versions 5.4 through 7.1p1 support an undocumented feature called roaming. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. The information leak is exploitable in the default configuration of certain versions of the OpenSSH client and could (depending on the client's version, compiler, and operating system) allow a malicious SSH server to steal the client's private keys. This flaw can only be triggered after successful authentication and therefore can only be exploited by a malicious or compromised SSH server. Man-in-the-middle (MITM) attackers cannot exploit this issue.

The Gemalto Security Team is currently investigating these vulnerabilities for potential impact to our products. At this time we do not have evidence of any remote or local exploits for this vulnerability. Limited information is obtainable, however https://www.kb.cert.org/vuls/id/456088 provides more details for customers that employ the client roaming feature in their products. Further investigation updates will be posted as more information is available.

OpenSSL Vulnerability CVE-2015-1793

10 July 2015

The Gemalto IDSS (SafeNet) Security Team has investigated OpenSSL vulnerability advisories issued 09 July 2015, CVE-2015-1793 affecting OpenSSL version 1.0.2b-c/1.0.1n-o. Gemalto IDSS products do not employ the affected versions of OpenSSL and are therefore not impacted by this vulnerability.

Security Update CVE-2015-5464

Update 29 July 2015

The severity of this vulnerability has been re-assessed as low according to the NIST Vulnerability Database CVSS score criteria. Despite this classification, Gemalto strongly encourages customers to apply the patch immediately to the SafeNet HSMs. Please log in to the SafeNet Customer Portal for additional information and available patches to address this vulnerability.

Update 24 July 2015

SafeNet confirms that this announcement is linked to CVE-2015-5464. A successful exploit would require local access to a fully authenticated session with the HSM. Multiple levels of authentication are also required to obtain the necessary access. The overall complexity of the exploit is medium as an attacker would have to obtain elevated access to systems authorized to use the HSM. A successful exploit would result in partial disclosure of information protected by the HSM. Modification or deletion of data is not impacted by the vulnerability. This vulnerability does not reduce the performance of the HSM or otherwise interrupt the availability of the HSM. There are no known exploits of this vulnerability. SafeNet is working to update the CVE severity information on NVD.

9 July 2015

The Gemalto IDSS Security Response team has recently identified a vulnerability affecting the SafeNet Luna HSM. There have been no known exploits of this vulnerability. The severity of the vulnerability is rated as high.

Please log in to the SafeNet Customer Portal for additional information and available patches to address this vulnerability.

CVE-2015-0291 OpenSSL/FREAK vulnerability

19 March 2015

SafeNet has investigated OpenSSL HIGH vulnerability advisories issued today regarding CVE-2015-0291 (OpenSSL 1.0.2 ClientHello sigalgs DoS) and increase in severity for CVE-2015-0204 (EXPORT_RSA [Client]). The results of our investigation are as follows:

1. OpenSSL 1.0.2 server - No impact
2. RSA Export - There is no change from earlier statements related to CVE-2015-0204 FREAK.

CVE-2015-0204 FREAK vulnerability

UPDATE 17 March 2015

The full portfolio review is now complete. There is no change from earlier statements. Our bulletin has been updated and finalized and is available at the SafeNet Customer Portal.

UPDATE 13 March 2015

At this time SafeNet does not have evidence of any remote or local exploits for this vulnerability. SafeNet is continuing to investigate and will post updates as soon as more information is available. Please see the SafeNet Customer Portal for more information.

06 March 2015

SafeNet is currently assessing US-CERT CVE-2015-0204, dubbed the FREAK (Factoring attack on RSA-EXPORT Keys) vulnerability. It could allow attackers to intercept HTTPS connections between vulnerable clients and servers and trick browsers into using weak 'export-grade' RSA cryptography in lieu of strong RSA. Traffic protected by this weak key can then be decrypted or altered in a Man in the Middle (MITM) attack.

The SafeNet portfolio is undergoing a full vulnerability assessment in light of this information. Please continue to check regularly for updates.

CVE-2015-0235: GHOST Vulnerability

UPDATE 05 February 2015

On further investigation, SafeNet continues to find no evidence of any remote or local exploits for this vulnerability. Please see the SafeNet Customer Portal for additional information.

UPDATE 30 January 2015

At this time SafeNet does not have evidence of any remote or local exploits for this vulnerability. SafeNet is continuing to investigate and will post updates as soon as more information is available.

29 January 2015

SafeNet is currently assessing US-CERT CVE-2015-0235, a.k.a. GHOST: a heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2 and other 2.x versions before 2.18, which may allow context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235.

The SafeNet portfolio is undergoing a full vulnerability assessment in light of this information. Please continue to check regularly for updates.

Network Time Protocol Daemon Vulnerabilities

Update 23 December 2014

The SafeNet security team has determined that SafeNet products are not exploitable by these vulnerabilities at this time. Please check with Customer Support for more information.

22 December 2014

SafeNet is currently assessing US-CERT Vulnerability Note published 19 December 2014, http://www.kb.cert.org/vuls/id/852879 stating that the Network Time Protocol daemon (ntpd) contains multiple vulnerabilities. SafeNet is reviewing these vulnerabilities for potential impact to our products.

CVE-2014-8730

11 December 2014

SafeNet is currently assessing http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8730, published 10 December 2014, pertaining to TLS implementations that omit to check the padding structure after decryption. Such implementations may be vulnerable to the POODLE attack. This is not a protocol flaw (like SSLv3 in POODLE) but rather an implementation flaw. SafeNet is monitoring this vulnerability for potential impact to our products.

Please continue to check for updates.
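The implementation flaw above comes down to what a TLS record layer checks after CBC decryption. As an added illustration (not code from the Gemalto advisory), the following Python contrasts a lax SSLv3-style check that reads only the length byte with the TLS 1.x check that inspects every padding byte; the sample "decrypted" records are constructed.

```python
from typing import Optional

# Added example, not code from the Gemalto/SafeNet advisory. It contrasts the
# lax SSLv3-style padding check with the TLS 1.x check (RFC 5246 section
# 6.2.3.2) that inspects every padding byte, which is the check that
# CVE-2014-8730 says some TLS implementations omitted.


def lax_padding_check(plaintext: bytes) -> bool:
    """SSLv3 style: only the final length byte is read; the padding bytes
    themselves are never inspected. An implementation that does this is
    exposed to POODLE-style padding oracle attacks even when speaking TLS."""
    if not plaintext:
        return False
    pad_len = plaintext[-1]
    return pad_len + 1 <= len(plaintext)


def strict_padding_check(plaintext: bytes) -> bool:
    """TLS 1.x style: the length byte and every padding byte must all equal
    pad_len. The comparison is folded into one accumulator so the result does
    not leak through an early exit on the first mismatching byte."""
    if not plaintext:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    diff = 0
    for b in plaintext[-(pad_len + 1):]:  # padding bytes plus the length byte
        diff |= b ^ pad_len
    return diff == 0


def strip_padding(plaintext: bytes, strict: bool = True) -> Optional[bytes]:
    """Return the payload with padding removed, or None if the record must be
    rejected. A real record layer also verifies the MAC over the payload and
    reports padding and MAC failures identically (bad_record_mac)."""
    ok = strict_padding_check(plaintext) if strict else lax_padding_check(plaintext)
    if not ok:
        return None
    pad_len = plaintext[-1]
    return plaintext[: len(plaintext) - pad_len - 1]


# Constructed sample "decrypted" records (MAC already separated off).
# GOOD: payload b"data", two padding bytes of 0x02, length byte 0x02.
GOOD_RECORD = b"data" + bytes([0x02, 0x02, 0x02])
# BAD: same length byte, but the padding bytes hold arbitrary values, as a
# tampered CBC block would after decryption.
BAD_RECORD = b"data" + bytes([0x41, 0x42, 0x02])


if __name__ == "__main__":
    for name, rec in (("good", GOOD_RECORD), ("bad", BAD_RECORD)):
        print(name, "lax:", strip_padding(rec, strict=False),
              "strict:", strip_padding(rec, strict=True))
```

The lax check accepts BAD_RECORD and hands back a payload; the strict check rejects it, which is the behaviour the CVE entry expects of a conforming implementation.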

SafeNet Authentication Service IIS/Sharepoint Agent Vulnerability

30 October 2014

SafeNet has been made aware of a vulnerability in the SafeNet Authentication Service IIS/Sharepoint agents. Please log in to the SafeNet Customer Portal for more information.

SafeNet Authentication Service Agent Vulnerability

27 October 2014

SafeNet has been made aware of a vulnerability in the SafeNet Authentication Service OWA agent. Please log in to the SafeNet Customer Portal for more information.

CVE-2014-3566: SSL v3.0 Vulnerability

UPDATE - 17 October 2014

Many products implementing TLS-based services allow for fallback to SSL v3.0 for compatibility reasons. CVE-2014-3566, published 14 October 2014 identified a vulnerability that could expose systems to man-in-the-middle attacks when such fallback is permitted. Details can be found at CVE-2014-3566.

Exploitation of this vulnerability would require a sophisticated attacker to have access to the network and defeat other protection offered by SafeNet products and our customers. Please see SafeNet Customer Portal for additional information.

CVE-2014-3566: SSLv3.0 protocol flaw (aka Poodle)

15 October 2014

SafeNet is currently assessing CVE-2014-3566 published 14 October 2014. This vulnerability could allow an attacker to exploit browser fallback to SSLv3.0 implementations that allow for interoperability with legacy systems.

This vulnerability is currently undergoing analysis and not all information is available. Please continue to check for updates.

Bash Vulnerability (CVE-2014-6271)

25 September 2014

SafeNet has been made aware of a vulnerability affecting all versions of the bash package as documented in CVE-2014-6271.

The SafeNet portfolio is undergoing a full vulnerability assessment in light of this announcement. In the event of a finding, product specific advisories, software patches, or new software downloads will be available in the SafeNet Customer Portal. Please continue to check regularly for updates or subscribe to specific product news feeds.

See more at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

UPDATE (26 September 2014)
The SafeNet Customer Portal link within the original post (above) has been updated.

UPDATE (1 October 2014)
The SafeNet Customer Portal link within the original post (above) has been updated.

BadUSB Vulnerability

22 August 2014

Recent research presented at Black Hat on August 7, 2014, demonstrated a new type of malware attack targeting USB devices. The attacks, referred to as “BAD USB”, describe a new attack vector where malware can infect the firmware of vulnerable USB devices. Once infected, the modified firmware controls the behavior of the USB device, causing it to behave in a way contrary to its intended purpose. As the modified controller firmware cannot be scanned nor cleaned with current anti-malware solutions, the modified behavior can be exhibited without detection by the user. As explained by the researchers, the best protection against this vulnerability is to use code signing for firmware updates.

SafeNet Authentication USB tokens are protected from unauthorized firmware updates that may exist with a Bad USB attack. If you are using SafeNet USB Authentication tokens, please refer to the SafeNet Customer Portal for product-specific advisories related to this vulnerability.

OpenSSL Vulnerability Update

9 June 2014

For the latest, product specific update as it pertains to OpenSSL vulnerabilities, please review the links below.

OpenSSL Vulnerability Update

5 June 2014

SafeNet was notified of a number of OpenSSL vulnerabilities affecting all versions of OpenSSL.

Vulnerability     Description
CVE-2014-0224     SSL/TLS MITM vulnerability
CVE-2014-0221     DTLS recursion flaw
CVE-2014-0195     DTLS invalid fragment vulnerability
CVE-2014-0198     SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
CVE-2010-5298     SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-3470     Anonymous ECDH denial of service

While an impact assessment is being completed for all of these notifications against all of SafeNet’s products, CVE-2014-0224 is the most significant. A CCS Injection could allow for a man-in-the-middle attack against an encrypted connection making it possible for an attacker to potentially intercept an encrypted data stream and allowing an attacker to decrypt, view, and then manipulate the data in that stream. To be clear, the vulnerability can only be exploited if both server and client are vulnerable to this issue. In the event that only one of the two is vulnerable, there is no risk of exploitation.

The entire SafeNet portfolio is undergoing a full vulnerability assessment against all of today’s notifications. However, the following products have been cleared and determined to be free from these reported vulnerabilities.

Luna PCI 5.3 and earlier
Luna PCI 5.4
Luna IS 6.0 and earlier
Luna SP 2.x and earlier
Luna EFT 1.5 and earlier
KeySecure/DataSecure 6.x
KeySecure/DataSecure 7.x
KeySecure Clients
Crypto Command Center
StorageSecure

In summary, many of Gemalto’s products utilize OpenSSL as a part of the solution. The impact of this reported vulnerability is currently being investigated and immediate mitigation action will be taken if required. Product specific advisories, software patches, or new software downloads for affected SafeNet products will be available in the Gemalto Customer Portal. Please continue to check regularly for updates or subscribe to specific product news feeds.
