129 matches found
March 2015 Microsoft Patch Tuesday Security Bulletins
Windows IT shops figure to be in for some scrambling today. Not only was it revealed that a five-year-old patch for a vulnerability exploited by Stuxnet was incomplete and machines have been exposed since 2010, but today is also Patch Tuesday and the updated Stuxnet patch is one of 14 bulletins...
Dealing with FREAK and SuperFish
Security Dealing with FREAK and SuperFish Share March 10th, 2015 The FREAK TLS attack Following the trend of memorable names for TLS attacks, FREAK was recently announced. This exploits a bug in some TLS libraries, combined with the support of ancient weak ciphers, to enable a MitM to force...
CVE-2 0 1 5-0 2 0 4 OpenSSL FREAK Attack vulnerability detection methods and repair recommendations-vulnerability warning-the black bar safety net
0×0 1 Introduction Near the Lantern Festival on the occasion, OpenSSL and because of the FREAK attack(also known as the Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2 0 1 5-0 2 0 4. the vulnerability fights uproar. Apple and Google are in on Tuesday indicated that they are fixing the...
mono -- TLS bugs
The Mono project reports: Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in SKIP-TLS post. Mono’s implementation of SSL/TLS also contained...
SSL/TLS implementations accept export-grade RSA keys (FREAK attack)
Overview Some implementations of SSL/TLS accept export-grade 512-bit or smaller RSA keys even when not specifically requesting export grade ciphers. An attacker able to act as a Man-in-The-Middle MiTM could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS trafflc. This iss...
Microsoft Schannel Vulnerable to FREAK
Microsoft today issued an advisory warning Windows users that Secure Channel, or Schannel, the Windows implementation of SSL/TLS, is vulnerable to the FREAK attack. Disclosed this week, FREAK CVE-2015-1637 is the latest big Internet bug. It affects a number of SSL clients, including OpenSSL, and...
Check Point Response to CVE-2015-0204 - TLS FREAK Attack
Symptoms - On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability - the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and vulnerable servers and force them to use the "export-grade" cryptography, which can then be...
TLS FREAK Attack
...
UBUNTU-CVE-2015-0204
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...