1332 matches found
FreeBSD-SA-15:10.openssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2015-06-12 Affects: All...
OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack
The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software. Most of the vulnerabilities fixed in the new releases are denial-of-service bugs, but one of them can potentially...
Unjam the logjam
Security Unjam the logjam Share June 9th, 2015 When a browser and website communicate over a secure connection, they encrypt and decrypt the data using a shared symmetric encryption key; the same key is used for encryption and decryption. In order for the browser and server to make sure they use...
CentOS Update for openssl CESA-2015:1072 centos7
Check the version of openssl SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882194";...
RedHat Update for openssl RHSA-2015:1072-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 / 7 : openssl (CESA-2015:1072) (Logjam)
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
Moderate: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time depending on modulus size and attacker resources. This may allow an attacker to...
Logjam attacks-the new encryption bug affects a large number of users-bug warning-the black bar safety net
Diffie-Hellman key exchange technology is one of the popular encryption algorithm which allows the Internet Protocol uses a shared key and a secure link. It is a multi-Protocol based including HTTPS, SSH, IPsec, SMTPS and some rely on the TLS Protocol. We have found a number of Diffie-Hellman key...
CVE-2015-4000 - Citrix Security Advisory for DHE_EXPORT TLS Vulnerability
Overview A TLS protocol vulnerability has been recently disclosed that could result in attackers being able to intercept and modify SSL/TLS encrypted traffic to servers that support Diffie-Hellman based export cipher suites. This vulnerability is known as 'LogJam' and has been assigned the...
DEBIAN-CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...
CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...
TLS protocol man-in-the-middle attack vulnerability
TLS Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating applications. A security vulnerability exists in the TLS protocol version 1.2 and earlier. When the server enabled the DHEEXPORT cipher suite, the program failed to...
New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs
Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...
LogJam — This New Encryption Glitch Puts Internet Users at Risk
After HeartBleed, POODLE and FREAK encryption flaws, a new encryption attack has been emerged over the Internet that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, an...
UBUNTU-CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...
TLS and SSL Diffie-Hellman Key Downgrade Weakness (CVE-2015-1716; CVE-2015-4000)
A vulnerability has been detected in the way TLS protocol handles weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:0281-1)
This strongswan update fixes the following security and non security issues. - Disallow brainpool elliptic curve groups in fips mode bnc856322. - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that contains the Diffie-Hellma...
Microsoft windows Schannel weak Diffie-Hellman ephemeral key length sensitive information disclosure vulnerability
Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows Schannel when a 512-bit weak Diffie-Hellman ephemeral key length is used in an encrypted TLS session, which allows remote attackers to decrypt the weak key and obtain sensitive information by...
CVE-2015-1716
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral DHE key lengths, which makes it easier for...