Stunnel Weak Encryption Vulnerability

Stunnel is an SSL encryption wrapper by Michal Trojnara. It is available for a number of platforms including Windows, Solaris, FreeBSD, Debian Linux and RedHat Linux.

Due to inadequate seeding of the pseudorandom number generator, affected versions (3.8 and earlier) may provide insufficiently robust encryption. The vendor's advisory notes that this only affects versions which run on systems lacking /dev/urandom, including Solaris and Windows.

This weakness could allow an attacker to more readily read protected information, which could in turn lead to further compromises of system security.


 

Privacy Statement
Copyright 2010, SecurityFocus