ixray-team ixray-1.6-stcop Exposure of Sensitive Information Vulnerability
Vulnerability
A vulnerability allowing the exposure of sensitive information to unauthorized actors exists in ixray-team ixray-1.6-stcop, prior to version 1.3. This issue arises from cloned code in the 'src/3rd-party/crypto/openssl/src/dh_check.c' file, which did not incorporate a critical security patch related to a small subgroup attack on Diffie-Hellman parameters. The original vulnerability, identified as CVE-2016-0701, could potentially allow an attacker to deduce a peer's private DH exponent under certain conditions.
Impact
The vulnerability could lead to the exposure of sensitive information, specifically private Diffie-Hellman exponents, to unauthorized actors.
Remediation
Users are advised to update to version 1.3 or later, where this vulnerability has been addressed. For versions prior to 1.3, apply the security patch referenced in the original CVE-2016-0701 issue on the OpenSSL GitHub repository.
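The standard defence against small-subgroup confinement is to verify that a peer's public value y lies in the prime-order subgroup, i.e. that y^q mod p == 1, in addition to a range check. The following C code is an added example, not code from ixray-1.6-stcop or OpenSSL; it shows a range check alone accepting an out-of-subgroup value and the order check rejecting it. The toy group (p = 67, q = 11, g = 64), the `ex_` function names and the `EX_` flags are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result flags for this example (not OpenSSL's constants). */
#define EX_PUB_OK            0
#define EX_PUB_OUT_OF_RANGE  1   /* y <= 1 or y >= p - 1 */
#define EX_PUB_WRONG_ORDER   2   /* y^q mod p != 1: y is outside the order-q subgroup */

/* Square-and-multiply modular exponentiation. Operands must stay below 2^32
   so the 64-bit products cannot overflow (toy sizes only). */
static uint64_t ex_modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* Validate a peer's DH public value y for a group (p, q), where q is the prime
   order of the subgroup spanned by the generator. have_q = 0 models a caller
   that has no q available and can only range-check. */
int ex_check_pub_key(uint64_t y, uint64_t p, uint64_t q, int have_q)
{
    if (y <= 1 || y >= p - 1)
        return EX_PUB_OUT_OF_RANGE;
    if (have_q && ex_modpow(y, q, p) != 1)
        return EX_PUB_WRONG_ORDER;
    return EX_PUB_OK;
}

int main(void)
{
    /* Constructed toy group: p = 67, p - 1 = 2 * 3 * 11, q = 11, g = 64. */
    const uint64_t p = 67, q = 11, g = 64;
    uint64_t honest = ex_modpow(g, 5, p);   /* 25, lies in the order-11 subgroup */
    uint64_t confined = 37;                 /* constructed value of order 3 */

    printf("honest   %d\n", ex_check_pub_key(honest, p, q, 1));
    printf("confined %d (range check only: %d)\n",
           ex_check_pub_key(confined, p, q, 1),
           ex_check_pub_key(confined, p, q, 0));
    return 0;
}
```

Real deployments perform the same check with a big-number library on full-size parameters; the 64-bit arithmetic here is only suitable for the toy group.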
