Information Exposure Affecting opcfoundation.netstandard.opc.ua Open this link in a new tab package, versions [,1.3.352.12)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
31 Jul 2018
13 Jun 2018
How to fix?
opcfoundation.netstandard.opc.ua to version 1.3.352.12 or higher.
opcfoundation.netstandard.opc.ua contains the OPC UA reference implementation and is targeting the .NET Standard Library.
Affected versions of the package are vulnerable to Information Exposure. A remote attacker could determine the Server’s private key by sending carefully constructed bad
NOTE This attack only affects
UserIdentityTokens encrypted with the
Basic128Rsa15 Security Policy which has already been depreciated.