Описание
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1. ...
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
Уязвимость библиотеки OpenSSL, позволяющая нарушителю обойти механизм криптографической защиты
EPSS
4.3 Medium
CVSS2