2 matches found
TLS DHE_EXPORT Information Disclosure (MS15-055; CVE-2015-1716; CVE-2015-4000)
An information disclosure vulnerability exists in multiple implementations of TLS 1.2 and earlier, when Ephemeral Diffie-Hellman cipher suites including their EXPORT versions are used. It is possible to downgrade a DHE cipher to a DHEEXPORT cipher, which can be broken, and thereby perform a...
CVE-2015-1716
CVE-2015-1716 is an information-disclosure vulnerability in Schannel (Windows) caused by improper restriction of Diffie-Hellman Ephemeral key lengths. Connected advisories describe it as affecting TLS configurations that permit DHE_EXPORT/weak keys, enabling MITM-style decryption of TLS traffic (...