Page 3 of 13 results (0.007 seconds)

CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 2

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. El protocolo TLS 1.2 y versiones anteriores soporta los valores rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh y ecdsa_fixed_ecdh para ClientCertificateType pero no documenta directamente la habilidad para computar el secreto maestro en determinadas situaciones con una clave de cliente secreta y una clave pública de servidor pero no una clave secreta de servidor, lo que facilita a atacantes man-in-the-middle suplantar servidores TLS aprovechando el conocimiento de la clave secreta para un certificado cliente X.509 arbitrariamente instalado, también conocido como problema "Key Compromise Impersonation (KCI)". • http://twitter.com/matthew_d_green/statuses/630908726950674433 http://www.openwall.com/lists/oss-security/2016/09/20/4 http://www.securityfocus.com/bid/93071 https://kcitls.org https://security.netapp.com/advisory/ntap-20180626-0002 https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf • CWE-295: Improper Certificate Validation •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. El algoritmo MD5 Message-Digest no resistente a colisión, el cual hace más fácil para atacantes dependientes de contexto, llevar a cabo ataques de suplantación, como lo demuestran los ataques de utilización de MD5 en la firma del algoritmo de un certificado X.509. • https://www.exploit-db.com/exploits/24807 http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx http://secunia.com/advisories/33826 http://secunia.com/advisories/34281 http://secunia.com/advisories/42181 http://securityreason.com/securityalert/4866 http://securitytracker.com/id?1024697 http://www.cisco.com/en/US/products/products_security_response09186a0080a5d2 • CWE-310: Cryptographic Issues •

CVSS: 7.8EPSS: 14%CPEs: 9EXPL: 0

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. El protocolo IPv6 permite a atacantes remotos provocar una denegación de servicio mediante cabeceras IPv6 de enrutamiento de tipo 0 (IPV6_RTHDR_TYPE_0) lo cual provoca amplificación de la red entre dos enrutadores. • http://docs.info.apple.com/article.html?artnum=305712 http://docs.info.apple.com/article.html?artnum=306375 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://openbsd.org/errata39.html#022_route6 http://openbsd.org/errata40.html#012_route6 http://secunia.com/advisories/24978 http://secunia.com/advisories/25033 http://secunia.com/advisories/25068 http://secunia.com/advisories/25083 http://secunia.com/advisories/25288 http://secunia.com/advisories/25 •