25 matches found
OpenSSL Bleichenbacher oracle vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. OpenSSL 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and earlier versions have a security vulnerability in export key combinations applying...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
SSL/TLS Cryptographic Degradation Man-in-the-Middle Hijacking Vulnerability
SSL/TLS is a cryptographic application. SSL/TLS has a security vulnerability that can lead to an attack known as FREAK Factoring RSA Export Keys, which can be exploited by an attacker to reduce the level of encryption and decrypt communications through a man-in-the-middle attack...
DEBIAN-CVE-2015-0204
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...
UBUNTU-CVE-2015-0204
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...