Computer Security
[EN] securityvulns.ru no-pyccku


EMC RSA BSAFE triple handhsake TLS attacks
Published:02.01.2015
Source:
SecurityVulns ID:14190
Type:m-i-t-m
Threat Level:
7/10
Description:Certificate is not validated on renegotiation.
Affected:EMC : RSA BSAFE Micro Edition Suite 4.1
 EMC : RSA BSAFE SSL-J 6.1
CVE:CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
Original documentdocumentEMC, ESA-2014-158: RSA BSAFEĀ® Micro Edition Suite and SSL-J Triple Handshake Vulnerability (02.01.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod