CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
78.7%
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a
does not ensure that the PRNG is seeded before proceeding with a handshake,
which makes it easier for remote attackers to defeat cryptographic
protection mechanisms by sniffing the network and then conducting a
brute-force attack.
Author | Note |
---|---|
mdeslaur | 1.0.2 only |