First published: Wed Jun 20 2012(Updated: )
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
OpenSSL OpenSSL | =0.9.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.