Source |
Fortinet |
Identifier |
459414 |
Publication date |
2018-01-12 11:39:59 (viewed: 2018-01-12 11:39:59) |
Title |
An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737) |
Text |
OpenSSL is a widely used library for SSL and TLS protocol implementation that secures data using encryption and decryption based on cryptographic functions. However, a Security Bypass vulnerability – recently addressed in a patch by the OpenSSL Project – can be exploited to make vulnerable SSL clients or remote SSL servers send clean application data without encryption.
This Security Bypass vulnerability (CVE-2017-3737) is caused by an error when the SSL_read or SSL_write function handles an "error state" during an SSL handshake.... |
Notes |
|
Sent |
Yes |
Tags |
|
Stories |
|
Move |
|