Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
SSL and TLS Renegotiation Vulnerability - The vulnerability involves a flaw in renegotiation and allows man-in-the-middle attackers to
surreptitiously introduce text at the beginning of an SSL session
SSL and TLS Renegotiation Vulnerability - The vulnerability involves a flaw in renegotiation and allows man-in-the-middle attackers to surreptitiously introduce text at the beginning of an ASK session.
where poodle is POODLE stands for ( “Padding Oracle On Downgraded Legacy Encryption”). In this vulnerability, an attacker which is Man-in-the-Middle(MiTM) first
Downgrade the TLS connection to SSLv3.
Then if the cipher suite uses RC4 or Block cipher in CBC mode, attacker can retrieve partial bytes of encrypted text and later on can get full plain text.
VCVE-2014-01601 bug is in the OPENSSL's Implmentation of the TLS/DTSL hearbeat extension, It is expolited to the lea of memory content from the server to client and from the client to the server
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
devag
7 months, 3 weeks agojersey5
8 months, 3 weeks agojersey5
8 months, 3 weeks agojagadeesh666
9 months, 2 weeks agoTrendMicroDLPSSucks
11 months, 3 weeks agoTrendMicroDLPSSucks
11 months, 3 weeks ago