Inadequate RC4 Implementation in TLS/SSL Protocols by Various Vendors
CVE-2015-2808
Currently unrated
Key Information:
- Vendor
- Oracle
- Status
- Vendor
- CVE Published:
- 1 April 2015
Summary
The RC4 cipher, utilized within TLS and SSL protocols, suffers from a serious flaw that improperly initializes state and key data. This weakness allows attackers to potentially recover plaintext by conducting targeted sniffing of network traffic. By exploiting this vulnerability, often referred to as the 'Bar Mitzvah' issue, attackers can leverage a brute-force approach on specific byte sequences, endangering the confidentiality of sensitive information transmitted over affected connections.
References
EPSS Score
48% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved