Уязвимость утечки данных в протоколах TLS и SSL через использование алгоритма RC4
Описание
Алгоритм RC4, используемый в протоколах TLS и SSL, обладает множеством однобайтовых смещений, что упрощает злоумышленникам проведение атак на восстановление открытого текста. Это достигается с помощью статистического анализа зашифрованного текста в большом количестве сеансов, использующих один и тот же открытый текст.
Тип уязвимости
Утечка данных
Затронутые версии ПО
Не указаны
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одно из
Одно из
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2