2 matches found
Vulnerability in OpenSSL - Encrypt-Then-Mac renegotiation crash
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent on ciphersuite. Both clients and servers are affected. Found by Joe Orton Red Hat...
USN-835-1: neon vulnerabilities
Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...