OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability.
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssl | Openssl | * | 0.9.8za (excluding) |
Openssl | Openssl | 1.0.0 (including) | 1.0.0m (excluding) |
Openssl | Openssl | 1.0.1 (including) | 1.0.1h (excluding) |