Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability - referred to as DROWN in public reporting - may allow a remote attacker to obtain the private key of a server supporting SSLv2.
US-CERT encourages users and administrators to review Vulnerability Note VU#583776 and the US-CERT OpenSSL Current Activity for additional information and mitigation details.
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/1oWTWJH
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.