The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-06-20T17:00:00Z
Updated: 2024-09-16T20:31:45.218Z
Reserved: 2012-06-20T00:00:00Z
Link: CVE-2011-5095
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-06-20T17:55:01.667
Modified: 2024-11-21T01:33:37.400
Link: CVE-2011-5095
Redhat