Man-in-the-Middle Vulnerability in EMC RSA BSAFE Micro Edition Suite and SSL-J
CVE-2014-4630
Currently unrated
Summary
EMC RSA BSAFE Micro Edition Suite and RSA BSAFE SSL-J do not verify that a server's X.509 certificate stays the same across a TLS session renegotiation. A man-in-the-middle attacker can exploit this with a technique known as a triple handshake, potentially gaining unauthorized access to sensitive data or manipulating existing TLS session data.
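The missing check, sketched as an added example (not RSA BSAFE code and not part of this advisory): a client records the server certificate from the first full handshake, carries that record across session resumption, and aborts a renegotiation that presents a different certificate. `SessionCertPin`, `replay`, the session ids and the certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded leaf certificates (not real certificates).
CERT_FIRST = b"constructed-der-bytes-of-first-certificate"
CERT_OTHER = b"constructed-der-bytes-of-a-different-certificate"


class ServerCertChanged(Exception):
    """A renegotiation presented a different server certificate."""


class SessionCertPin:
    """Hypothetical client-side tracker: TLS session id -> SHA-256 of server cert."""

    def __init__(self):
        self._pins = {}

    def full_handshake(self, session_id, cert_der):
        # First handshake on a fresh connection: remember what the server presented.
        self._pins[session_id] = hashlib.sha256(cert_der).digest()

    def resumption(self, session_id):
        # An abbreviated handshake carries no Certificate message, so the pin
        # recorded for the cached session must carry over to the new connection.
        if session_id not in self._pins:
            raise KeyError("resumed session has no recorded certificate")

    def renegotiation(self, old_session_id, new_session_id, cert_der):
        # Full handshake inside an established connection: compare with the pin.
        seen = hashlib.sha256(cert_der).digest()
        if not hmac.compare_digest(self._pins[old_session_id], seen):
            raise ServerCertChanged("server certificate changed during renegotiation")
        self._pins[new_session_id] = seen


def replay(renegotiated_cert):
    """Full handshake, resumption, then renegotiation; returns the outcome."""
    pin = SessionCertPin()
    pin.full_handshake(b"sid-1", CERT_FIRST)
    pin.resumption(b"sid-1")
    try:
        pin.renegotiation(b"sid-1", b"sid-2", renegotiated_cert)
    except ServerCertChanged:
        return "aborted"
    return "accepted"


if __name__ == "__main__":
    print(replay(CERT_FIRST), replay(CERT_OTHER))
```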