TLS Vulnerability in Microsoft Windows Products Allowing Man-in-the-Middle Attacks
CVE-2015-6112
Currently unrated
Key Information:
- Vendor
- Microsoft
- Vendor
- CVE Published:
- 11 November 2015
Summary
The SChannel component in affected Microsoft Windows operating systems does not fully implement the required extended master-secret binding support. This flaw allows an attacker to exploit a vulnerability during the TLS session renegotiation process, specifically through a method known as a 'triple handshake attack.' By executing this attack, the malicious actor may intercept sensitive data or potentially alter TLS session data, putting users' information at risk.
References
EPSS Score
7% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved