CCS injection

Man-in-the-middle attackers can use a crafted TLS handshake to induce the use of a zero-length master key in specific OpenSSL-to-OpenSSL interactions and hence hijack sessions or steal sensitive information in OpenSSL versions before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h due to these versions not correctly restricting the processing of ChangeCipherSpec messages, hence the CCS Injection vulnerability.

Vulnerabilities in SSL & TLS :- CCS injection vulnerability by evilsaint