TLS Protocol Vulnerability in Certain Implementations by Various Providers
CVE-2015-8960

8.1HIGH

Key Information:

Vendor

Ietf

Status
Transport Layer Security
Vendor
CVE Published:
21 September 2016

What is CVE-2015-8960?

The vulnerability in the TLS protocol allows for improper handling of client certificates, which may expose systems to man-in-the-middle attacks. Attackers can exploit a flaw in the protocol by using knowledge of a client secret key alongside a server's public key to impersonate TLS servers. This results in unauthorized access and potential data breaches as they can masquerade as legitimate servers through a compromised client certificate.

References

http://www.openwall.com/lists/oss-security/2016/09/20/4
mailing-listx_refsource_MLIST
http://twitter.com/matthew_d_green/statuses/6309087269506...
x_refsource_MISC
http://www.securityfocus.com/bid/93071
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.