Inadequate RC4 Implementation in TLS/SSL Protocols by Various Vendors
CVE-2015-2808

Currently unrated

Summary

The RC4 cipher, utilized within TLS and SSL protocols, suffers from a serious flaw that improperly initializes state and key data. This weakness allows attackers to potentially recover plaintext by conducting targeted sniffing of network traffic. By exploiting this vulnerability, often referred to as the 'Bar Mitzvah' issue, attackers can leverage a brute-force approach on specific byte sequences, endangering the confidentiality of sensitive information transmitted over affected connections.

References

EPSS Score

48% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.