Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL ‘Diffie-Hellman key-exchange’安全漏洞
Vulnerability Description
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 0.9.8中的Diffie-Hellman key-exchange的实现上存在漏洞。当FIPS模块启用时,未正确验证公告参数。中间人攻击者可利用该漏洞通过修改网络流量获得共享密钥。
CVSS Information
N/A
Vulnerability Type
N/A