Handshake with Unseeded PRNG Vulnerability (CVE-2015-0285)
Data de publicação: 13 agosto 2015
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2015-0285
Data do informe: 19 março 2015
Descrição
This vulnerability is found in the ssl3_client_hello function in s3_clnt.c (OpenSSL 1.0.2 before 1.0.2a). When exploited successfully, it may be possible for remote attackers to bypass cryptographic protections mechanisms via sniffing the network and brute force attack.
Users are advised to upgrade their OpenSSL to version 1.0.2a.
Solução
Alteração: : https://www.openssl.org/news/secadv_20150319.txt