- Description
- The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-310
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23"
}
],
"operator": "OR"
}
]
}
]