Lucene search
K

226 matches found

Github Security Blog
Github Security Blog
added 2022/05/04 12:0 a.m.30 views

Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS3.6AI score0.01026EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/04 12:0 a.m.56 views

FreeBSD : OpenSSL -- Multiple vulnerabilities (fceb2b08-cb76-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fceb2b08-cb76-11ec-a06f-d4c9ef517024 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command...

10CVSS7.4AI score0.83223EPSS
Exploits5References6
Prion
Prion
added 2022/05/03 4:15 p.m.26 views

Design/Logic Flaw

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

4.3CVSS7.2AI score0.01026EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/03 3:15 p.m.41 views

CVE-2022-1434 Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS6.7AI score0.01026EPSS
Exploits0References6
CVE
CVE
added 2022/05/03 3:15 p.m.202 views

CVE-2022-1434

The CVE-2022-1434 issue affects the RC4-MD5 ciphersuite in OpenSSL 3.0, where the AAD data is incorrectly used as the MAC key, allowing an attacker to modify data in transit without decrypting it. The vulnerability requires both endpoints to negotiate RC4-MD5, and it is not exploitable when TLSv1...

5.9CVSS7.3AI score0.01026EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2022/05/03 3:15 p.m.48 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS7.5AI score0.01026EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/05/03 3:15 p.m.63 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS6.3AI score0.01026EPSS
Exploits0
OSV
OSV
added 2022/05/03 12:0 p.m.27 views

RUSTSEC-2022-0026 Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS7.3AI score0.01026EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/05/03 12:0 a.m.47 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS6.7AI score0.01026EPSS
Exploits0References3
OpenSSL
OpenSSL
added 2022/05/03 12:0 a.m.52 views

Vulnerability in OpenSSL - Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

7.2AI score0.01026EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2014-0325)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.7408EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/09/28 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2021-2542)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.78675EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2021/08/16 12:0 a.m.27 views

OpenSSL: Ciphersuite Downgrade Attack (20101202) - Windows

OpenSSL is prone to a ciphersuite downgrade attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.3CVSS7.1AI score0.09497EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/08/16 12:0 a.m.23 views

OpenSSL: Ciphersuite Downgrade Attack (20101202) - Linux

OpenSSL is prone to a ciphersuite downgrade attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.3CVSS7.1AI score0.09497EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.52 views

SUSE SLES11 Security Update : openssl1 (SUSE-SU-2020:14511-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14511-1 advisory. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections...

4.3CVSS6.3AI score0.04803EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2018:2041-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8AI score0.49268EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.47 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Rational Requirements Composer RRC, Rational DOORS Next Generation RDNG, Rational Engineering...

5CVSS5.4AI score0.9986EPSS
Exploits1Affected Software8
Citrix
Citrix
added 2021/02/02 12:0 a.m.6 views

Hotfix XS82E015 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| None Content live patchable| No Baselines for Live Patch| N/A Revision History| Published on Feb02, 2021 To...

7.2AI score
Exploits0
OSV
OSV
added 2020/12/21 9:47 p.m.7 views

MGASA-2020-0465 Updated compat-openssl10 packages fix security vulnerabilities

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

5.9CVSS5.2AI score0.06968EPSS
Exploits3References7
Veracode
Veracode
added 2020/09/21 6:18 a.m.26 views

Information Disclosure

openssl is vulnerable to information disclosure. The vulenerability exists through the ability to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite, if an implementation re-uses a DH secret across multiple TLS connections...

3.7CVSS1.6AI score0.04803EPSS
Exploits0References10Affected Software2
Rows per page
Query Builder