Vulnerabilities in SSL & TLS: CCS injection vulnerability

17 Jan 2022, noon
00:50 minutes

In this article, we will look at CVE-2014-0224, also known as the CCS (ChangeCipherSpec) injection vulnerability. This vulnerability results from a flaw in certain versions of OpenSSL that allows an attacker to force the use of weak key material for communication, in the hope of decrypting traffic later.

    Main Points

    • A weakness exists in certain versions of OpenSSL that allows clients and servers to be forced, via a specially crafted handshake packet, to use weak key material for communication.
    • From a person-in-the-middle position, an attacker may be able to decrypt or modify traffic.

    Quick Reference

    Description

    A weakness in certain versions of OpenSSL that allows an attacker to force the use of weak key material for communication, with the hope of decrypting traffic later.

    Name

    CCS injection vulnerability

    CVE Number

    CVE-2014-0224

    Type of Vulnerability

    Vulnerability in the OpenSSL library.

    Affected

    OpenSSL versions said to be affected include:

    • Versions before 0.9.8za
    • 1.0.0 before 1.0.0m
    • 1.0.1 before 1.0.1h

    Remediation

    Upgrade to a non-vulnerable version of the OpenSSL Library.
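
A version check against the affected ranges listed above, as an added example (not part of the original article or of OpenSSL). The function names are illustrative, and it assumes the pre-3.0 OpenSSL version scheme in which patch letters run `a` to `z` and then `za`, `zb`.

```python
import re

# Fixed releases exactly as listed on this page, keyed by release branch.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}
OLDEST_LISTED_BRANCH = (0, 9, 8)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Extract ((major, minor, fix), letters) from e.g. `openssl version` output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def letter_key(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letters), letters)


def is_affected(text):
    """True if the version falls in the ranges this page lists for CVE-2014-0224."""
    branch, letters = parse_version(text)
    if branch < OLDEST_LISTED_BRANCH:
        return True  # "Versions before 0.9.8za" covers every older branch
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch is not in the page's affected list
    return letter_key(letters) < letter_key(fixed)


if __name__ == "__main__":
    # Constructed sample inputs in the format printed by `openssl version`.
    samples = [
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.0l 6 Jan 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1h 5 Jun 2014",
    ]
    for s in samples:
        print(f"{s:35} {'AFFECTED' if is_affected(s) else 'not in affected range'}")
```

Distribution packages often backport fixes without changing the upstream version letter, so treat a match as a prompt to check the package changelog rather than as proof of exposure.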
