Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL‘ssl3_client_hello’函数安全漏洞
Vulnerability Description
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.0.2a之前1.0.2版本的s3_clnt.c文件中的‘ssl3_client_hello’函数存在安全漏洞。远程攻击者可通过嗅探网络并实施暴力破解攻击利用该漏洞破坏密码保护机制。
CVSS Information
N/A
Vulnerability Type
N/A