Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Diffie-Hellman 安全漏洞
Vulnerability Description
Diffie-Hellman是Diffie-Hellman开源的一种密钥协商协议。该密钥协商协议允许 Alice 和 Bob 交换公钥值,并根据这些值和他们自己对应的私钥的知识,安全地计算共享密钥K,从而实现进一步的安全通信。仅知道交换的公钥值,窃听者无法计算共享密钥。 Diffie-Hellman存在安全漏洞,该漏洞源于允许远程攻击者触发不必要的DHE模幂运算,可能造成不对称资源消耗。
CVSS Information
N/A
Vulnerability Type
N/A