1321 matches found
OpenSSL 1.0.2 < 1.0.2f Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2f. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2f advisory. - The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriat...
OpenSSL 'Diffie-Hellman small subgroups' MitM Attack Vulnerability - Windows
OpenSSL is prone to a man-in-the-middle (MitM) attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenSSL 'Diffie-Hellman small subgroups' MitM Attack Vulnerability - Linux
OpenSSL is prone to a man-in-the-middle (MitM) attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
lib32-openssl: man-in-the-middle
CVE-2015-3197 man-in-the-middle A flaw was found in the way malicious SSL/TLS clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks. -...
openssl: man-in-the-middle
CVE-2015-3197 man-in-the-middle A flaw was found in the way malicious SSL/TLS clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSL/TLS connections, making them vulnerable to man-in-the-middle attacks. -...
Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic
The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport Layer Security (TLS) channels. OpenSSL is an open-source library that is the most...
January 2016 OpenSSL Patch Diffie Hellman Safe Primes
The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity. The patches are in new releases of OpenSSL, 1.0.1r and 1.0.2f, and were made along with an enhancement to the strength of the cryptography in a previous mitigation for last year’...
OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol
Overview: OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. Description: CWE-325: Missing Required Cryptographic Step - CVE-2016-0701 OpenSSL 1.0.2 introduced the abilit...
openSUSE: Security Advisory for openldap2 (openSUSE-SU-2016:0255-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for openldap2 (important)
This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. bsc#945582 - CVE-2015-4000: Fix weak...
SUSE-SU-2016:0262-1 Security update for openldap2
This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. bsc#945582 - CVE-2015-4000: Fix weak...
openSUSE Security Update : openldap2 (openSUSE-2016-92) (Logjam)
This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. bsc#945582 - CVE-2015-4000: Fix weak...
SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2016:0224-1) (Logjam)
This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. bsc#945582 - CVE-2015-4000: Fix weak...
SUSE-SU-2016:0224-1 Security update for openldap2
This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. bsc#945582 - CVE-2015-4000: Fix weak...
Oracle Secure Global Desktop Multiple Vulnerabilities (January 2016 CPU) (Logjam)
The version of Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.2 and is missing a security patch from the January 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities: - A flaw exists in the bundled version of Apache HTT...
What the heck is RFC 5114?
Mandatory Disclaimer: IANAC (I am not a cryptographer), so I might likely end up writing a bunch of mistakes in this blog post... I already talked about Diffie-Hellman (DH from now on) in TLS in my previous post: Small subgroup attack in Mozilla NSS. As mentioned, FWIW I strongly agree with Google Chro...
Updated bouncycastle packages fix security vulnerability
The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, aka an "invalid curve attack" CVE-2015-7940...
Small subgroup attack in Mozilla NSS
tl;dr While the TLS server attacks have been pretty much studied and fixed (see e.g. https://www.secure-resumption.com/ and https://weakdh.org/), the situation with the TLS clients was not ideal and can be improved. Here I report a Small subgroup attack for TLS clients that I performed against...