Описание
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an ...
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | |
| focal | not-affected | |
| impish | not-affected | |
| jammy | not-affected | |
| kinetic | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | uses system openssl1.0 |
| devel | not-affected | uses system openssl1.1 |
| esm-apps/bionic | not-affected | uses system openssl1.0 |
| esm-apps/focal | not-affected | uses system openssl1.1 |
| esm-apps/jammy | not-affected | uses openssl 1.1 |
| esm-apps/noble | not-affected | uses system openssl1.1 |
| esm-apps/xenial | not-affected | uses system openssl |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| focal | not-affected | uses system openssl1.1 |
| impish | not-affected | uses system openssl1.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | v3.x only |
| devel | released | 3.0.2-0ubuntu2 |
| esm-infra-legacy/trusty | not-affected | v3.x only |
| esm-infra/bionic | not-affected | v3.x only |
| esm-infra/focal | not-affected | v3.x only |
| esm-infra/xenial | not-affected | v3.x only |
| fips-preview/jammy | released | 3.0.2-0ubuntu1.1 |
| fips-updates/bionic | not-affected | v3.x only |
| fips-updates/focal | not-affected | v3.x only |
| fips-updates/jammy | released | 3.0.2-0ubuntu1.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an ...
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an Ope
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly ...
Incorrect MAC key used in the RC4-MD5 ciphersuite
Уязвимость набора шифров RC4-MD5 библиотеки OpenSSL, позволяющая нарушителю реализовать атаку типа «человек посередине»
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3