Diffie-Hellman Key Weakness in ProFTPD by ProFTPD Project
CVE-2016-3125

7.5HIGH

Key Information:

Vendor

Proftpd

Status
Proftpd
Vendor
CVE Published:
5 April 2016

What is CVE-2016-3125?

The mod_tls module in ProFTPD versions before 1.3.5b and within the 1.3.6 range, up to but not including 1.3.6rc2, has a vulnerability related to the TLSDHParamFile directive. This flaw may allow the use of weaker Diffie-Hellman (DH) keys than intended, exposing the communication to potential attackers who could exploit this weakness through unverified methods.

References

http://lists.opensuse.org/opensuse-updates/2016-06/msg000...
vendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2016/03/11/14
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.