Описание
A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.
To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.
The update addresses the vulnerability by correcting how TLS components use hash algorithms.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
5.4 Medium
CVSS3
5.3 Medium
CVSS3
2.9 Low
CVSS2
Дефекты
Связанные уязвимости
A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka 'TLS Information Disclosure Vulnerability'.
Уязвимость реализации протокола TLS (Transport Layer Security) операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5.4 Medium
CVSS3
5.3 Medium
CVSS3
2.9 Low
CVSS2