SA40145 - [Pulse Secure] January 28th 2016 OpenSSL Security Advisory

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 28th 2016 the OpenSSL project announced two new security advisories. The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/secadv/20160128.tx...

OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Usual Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...

Internet Bug Bounty: OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Full write up: http://intothesymmetry.blogspot.ch/2016/01/openssl-key-recovery-attack-on-dh-small.html DH small subgroups CVE-2016-0701 ================================== Severity: High Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently in version...