CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...
TLS protocol man-in-the-middle attack vulnerability
TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communicating applications. A security vulnerability exists in TLS protocol version 1.2 and earlier. When the server has the DHE_EXPORT cipher suite enabled, the implementation fails to...
New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs
Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...
LogJam — This New Encryption Glitch Puts Internet Users at Risk
After Heartbleed, POODLE and FREAK, a new encryption attack has emerged on the Internet that allows attackers to read and modify sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, an...
TLS and SSL Diffie-Hellman Key Downgrade Weakness (CVE-2015-1716; CVE-2015-4000)
A vulnerability has been detected in the way the TLS protocol handles weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:0281-1)
This strongswan update fixes the following security and non-security issues. - Disallow brainpool elliptic curve groups in FIPS mode (bnc#856322). - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellma...
UBUNTU-CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...
Microsoft windows Schannel weak Diffie-Hellman ephemeral key length sensitive information disclosure vulnerability
Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows Schannel when a weak 512-bit Diffie-Hellman ephemeral key is used in an encrypted TLS session, which allows remote attackers to break the weak key and obtain sensitive information by...
CVE-2015-1716
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral DHE key lengths, which makes it easier for...
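The two entries above (CVE-2015-4000, the DHE to DHE_EXPORT rewrite, and CVE-2015-1716, the missing restriction on DHE key length) are two halves of the same Logjam problem, so one worked example serves both. The Python below is added here and is not code from OpenSSL, Schannel, or any vendor listed on this page: it builds a minimal TLS 1.2 ClientHello, applies the man-in-the-middle rewrite that swaps each DHE suite for its DHE_EXPORT twin, shows which server configurations then negotiate the export suite, and parses a ServerDHParams structure so a client can refuse a short prime. The cipher-suite identifiers are the RFC 2246 / RFC 5246 values; the DH primes are constructed placeholders of the right bit length, not real groups; all function names are my own.

```python
import struct

# Cipher-suite identifiers (RFC 5246 Appendix A.5; export suites from RFC 2246).
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011

# The Logjam rewrite: every DHE suite the client offers becomes a DHE_EXPORT suite.
DOWNGRADE_MAP = {
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
}
EXPORT_SUITES = set(DOWNGRADE_MAP.values())


def build_client_hello(suites, random_bytes=bytes(32)):
    """Minimal TLS 1.2 ClientHello record, no extensions (constructed sample, not a capture)."""
    body = b"\x03\x03" + random_bytes + b"\x00"          # client_version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def _suite_span(record):
    """Byte offsets (start, end) of the cipher_suites list inside a ClientHello record."""
    body = 5 + 4                                  # record header + handshake header
    sid_len = record[body + 2 + 32]               # after client_version and random
    cs_off = body + 2 + 32 + 1 + sid_len
    cs_len = struct.unpack("!H", record[cs_off:cs_off + 2])[0]
    return cs_off + 2, cs_off + 2 + cs_len


def parse_cipher_suites(record):
    start, end = _suite_span(record)
    return [struct.unpack("!H", record[i:i + 2])[0] for i in range(start, end, 2)]


def logjam_rewrite(record):
    """Active attacker: replace DHE with DHE_EXPORT in place; lengths and everything else are untouched."""
    start, end = _suite_span(record)
    rewritten = b"".join(struct.pack("!H", DOWNGRADE_MAP.get(s, s)) for s in parse_cipher_suites(record))
    return record[:start] + rewritten + record[end:]


def server_select(record, enabled):
    """Server picks the first offered suite it has enabled; None means the handshake fails closed."""
    for s in parse_cipher_suites(record):
        if s in enabled:
            return s
    return None


def build_server_dh_params(p, g, ys):
    """ServerDHParams (RFC 5246 7.4.3): dh_p, dh_g, dh_Ys, each a 2-byte length followed by the value."""
    return b"".join(struct.pack("!H", len(x)) + x for x in (p, g, ys))


def parse_server_dh_params(blob):
    fields, off = [], 0
    for _ in range(3):
        n = struct.unpack("!H", blob[off:off + 2])[0]
        fields.append(blob[off + 2:off + 2 + n])
        off += 2 + n
    return fields


def client_accepts_dh(blob, min_bits=2048):
    """Client-side defence: refuse any ServerKeyExchange whose prime is shorter than min_bits."""
    p, _g, _ys = parse_server_dh_params(blob)
    return int.from_bytes(p, "big").bit_length() >= min_bits


if __name__ == "__main__":
    hello = build_client_hello([TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA])
    evil = logjam_rewrite(hello)
    print("offered:", [hex(s) for s in parse_cipher_suites(hello)])
    print("rewritten:", [hex(s) for s in parse_cipher_suites(evil)])
    print("export-enabled server picks:", hex(server_select(evil, {0x0033, 0x0014})))
    print("hardened server picks:", server_select(evil, {0x0033, 0x0016}))
    weak_p = b"\xc0" + bytes(63)        # constructed 512-bit value standing in for an export prime
    print("client accepts 512-bit p:", client_accepts_dh(build_server_dh_params(weak_p, b"\x02", b"\x05")))
```

Two independent fixes fall out of this model. In the real attack the man-in-the-middle also rewrites the ServerHello back to the original DHE suite, so the client never sees DHE_EXPORT on the wire and cannot detect the downgrade from the cipher-suite bytes alone; what it can see is the 512-bit prime in ServerKeyExchange, which is why the client-side length check matters. On the server side, removing every export suite from the enabled set makes `server_select` return None for the rewritten hello, so the attacker cannot obtain a signed weak key exchange in the first place. A 2048-bit floor follows the Logjam authors' recommendation; browsers of the time settled on rejecting groups below 1024 bits, which the `min_bits` parameter lets you reproduce.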
Microsoft Schannel Information Disclosure Vulnerability (3061518)
This host is missing an important security update according to Microsoft Bulletin MS15-055. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DLA-23-1 : nss security update
CVE-2013-1741 Runaway memset in certificate parsing on 64-bit computers leading to a crash by attempting to write 4Gb of nulls. CVE-2013-5606 Certificate validation with the verifylog mode did not return validation errors, but instead expected applications to determine the status by looking at th...
Debian DLA-173-1 : putty security update
MATTA-2015-002 Florent Daigniere discovered that PuTTY did not enforce an acceptable range for the Diffie-Hellman server value, as required by RFC 4253, potentially allowing an eavesdroppable connection to be established in the event of a server weakness. 779488 CVE-2015-2157 Patrick Coleman...
OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2a. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2a advisory. - An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8z...
OpenSSL 'ssl3_get_client_key_exchange' function denial of service vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in OpenSSL version 1.0.2. Due to a vulnerability within the implementation of the...
PT-2015-1688 · Openssl +1 · Openssl +3
Name of the Vulnerable Software and Affected Versions: OpenSSL 1.0.2 before 1.0.2a. Description: The issue allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, when client authentication and an ephemeral...
[SECURITY] [DSA 3190-1] putty security update
Debian Security Advisory DSA-3190-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 15, 2015 http://www.debian.org/security/faq ...
Debian DSA-3190-1 : putty - security update
Patrick Coleman discovered that the PuTTY SSH client failed to wipe unused sensitive memory. In addition, Florent Daigniere discovered that exponential values in Diffie-Hellman exchanges were insufficiently restricted. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text an...
Debian Security Advisory DSA 3190-1 (putty - security update)
Patrick Coleman discovered that the PuTTY SSH client failed to wipe unused sensitive memory. In addition, Florent Daigniere discovered that exponential values in Diffie-Hellman exchanges were insufficiently restricted. OpenVAS Vulnerability Test $Id: deb3190.nasl 6609 2017-07-07 12:05:59Z...
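The PuTTY entries above (DLA-173-1 and DSA-3190-1) describe a different Diffie-Hellman weakness from Logjam: not a short prime, but a peer value outside the range RFC 4253 section 8 requires, so that the shared secret becomes guessable by anyone watching the connection. The Python below is an added illustration, not PuTTY's code and not its fix: it shows what an eavesdropper learns when a server sends f = 0, 1 or p-1, and the client-side range check that turns those values into a failed handshake. The prime is a small Mersenne prime chosen so the numbers stay readable; real SSH groups are the 2048-bit and larger MODP groups, and the function names are my own.

```python
# Toy group for illustration only: p = 2^127 - 1 (a Mersenne prime), generator 2.
P = 2 ** 127 - 1
G = 2


def valid_dh_public(value, p):
    """RFC 4253 section 8 bound on the peer's e or f: strictly between 1 and p-1."""
    return 1 < value < p - 1


def guessable_secrets(peer_value, p):
    """What an eavesdropper can say about K = peer_value^x mod p without knowing x.

    Returns the set of possible K for the degenerate values, or None when K
    genuinely depends on the secret exponent.
    """
    if peer_value % p == 0:
        return {0}                 # 0^x = 0
    if peer_value % p == 1:
        return {1}                 # 1^x = 1
    if peer_value % p == p - 1:
        return {1, p - 1}          # (-1)^x is 1 for even x, p-1 for odd x
    return None


def shared_secret(peer_value, own_exponent, p=P):
    return pow(peer_value, own_exponent, p)


def client_kex(server_f, x, p=P, enforce=True):
    """Client half of the exchange: returns K, or None when the server's f is rejected."""
    if enforce and not valid_dh_public(server_f, p):
        return None
    return shared_secret(server_f, x, p)


if __name__ == "__main__":
    x = 0x1234567                                   # client's secret exponent
    for bad_f in (0, 1, P - 1):
        print(f"f={bad_f}: unchecked K={client_kex(bad_f, x, enforce=False)}, "
              f"eavesdropper's candidates={guessable_secrets(bad_f, P)}, "
              f"checked client returns {client_kex(bad_f, x)}")
    y = 0x89ABCDEF                                  # honest server's secret exponent
    f, e = pow(G, y, P), pow(G, x, P)
    print("honest exchange agrees:", client_kex(f, x) == shared_secret(e, y))
```

The point of `guessable_secrets` is that the attacker does not need to break Diffie-Hellman at all: with f = 1 the secret is 1 regardless of the client's exponent, and with f = p-1 there are only two candidates to try against the traffic. The same bound applies symmetrically to the client's e on the server side, and the check costs two comparisons, which is why the RFC makes it mandatory.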