Lucene search

K
nessusTenable801055.PRM
HistoryDec 07, 2010 - 12:00 a.m.

OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities

2010-12-0700:00:00
Tenable
www.tenable.com
21

Versions of OpenSSL earlier than 0.9.8q and 1.0.0c are potentially affected by multiple vulnerabilities :

  • It may be possible to downgrade the ciphersuite to a weaker version by modifying the stored session cache cipher suite.

  • An error exists in the J-PAKE implementation which could lead to successful validation by someone with no knowledge of the shared secret.
    IAVA Reference : 2011-A-0160
    IAVB Reference : 2012-B-0038
    STIG Finding Severity : Category I

Binary data 801055.prm