2 matches found
OpenSSL improper handling of Change Cipher Spec message
Overview OpenSSL improperly handles Change Cipher Spec message in the initial SSL/TLS handshake. OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM man-in-the-middle attacker to force a server and a client to use easily guessable cryptgraphic key...
Vulnerability in OpenSSL - SSL/TLS MITM vulnerability
An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle MITM attack where the attacker can decrypt and modify traffic from the attacked client and server. Found by KIKUCHI Masashi Lepidum Co. Ltd...