CCS injection
OpenSSL versions before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h do not correctly restrict the processing of ChangeCipherSpec (CCS) messages. A man-in-the-middle attacker can use a crafted TLS handshake to induce the use of a zero-length master key in specific OpenSSL-to-OpenSSL interactions, and can then hijack sessions or steal sensitive information. This flaw is known as the CCS Injection vulnerability.
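For inventory triage, the affected ranges above can be checked against reported OpenSSL version strings. The following is an added example, not code from the OpenSSL project; the function names and the sample banners are constructed for illustration. It handles OpenSSL's letter-suffix ordering, where "za" sorts after "z".

```python
import re

# Fixed releases per branch, as listed in the text above.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

# Matches e.g. "1.0.1f", "0.9.8za", "1.0.1e-fips"; the suffix is one letter or "z" plus one letter.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(z[a-z]|[a-z])?(?![a-z])")


def patch_rank(letters):
    """Order patch suffixes: '' -> 0, 'a'..'z' -> 1..26, 'za' -> 27, 'zb' -> 28, ..."""
    return sum(ord(ch) - ord("a") + 1 for ch in letters)


def parse_version(text):
    """Return ((major, minor, fix), patch_rank) from a version string or banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL-style version in %r" % text)
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    return branch, patch_rank(m.group(4) or "")


def is_vulnerable(text):
    """True if the version falls in the affected ranges listed above."""
    branch, rank = parse_version(text)
    if branch < (0, 9, 8):
        return True  # anything older than the 0.9.8 branch is "before 0.9.8za"
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch is outside the ranges this page lists
    return rank < patch_rank(fixed)


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE = {
    "web-01": "OpenSSL 1.0.1f",
    "web-02": "OpenSSL 1.0.1h",
    "legacy-01": "OpenSSL 0.9.8y",
    "legacy-02": "OpenSSL 0.9.8za",
    "mail-01": "OpenSSL 1.0.0l",
}


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is in an affected range."""
    return sorted(h for h, banner in inventory.items() if is_vulnerable(banner))


if __name__ == "__main__":
    print(affected_hosts(SAMPLE))
```

Distribution packages often backport fixes without changing the upstream version string, so a match here is a prompt to check the vendor's package changelog rather than proof of exposure.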