Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TLS protocol 安全漏洞
Vulnerability Description
TLS(全称Transport Layer Security,安全传输层协议)protocol是一套用于在两个通信应用程序之间提供保密性和数据完整性的协议 TLS protocol 1.2及之前的版本中存在安全漏洞。攻击者可借助已知的任意已安装客户端X.509证书的密钥利用该漏洞实施中间人攻击,欺骗TLS服务器。
CVSS Information
N/A
Vulnerability Type
N/A