5 matches found
CVE-2023-21115
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-21115
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
A flaw was discovered in the Bluetooth protocol. An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced...
TLS and SSL Diffie-Hellman Key Downgrade Weakness (CVE-2015-1716; CVE-2015-4000)
A vulnerability has been detected in the way TLS protocol handles weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...
DEBIAN-CVE-2015-0204
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...