PolarSSL Diffie Hellman Key Exchange Security Bypass Vulnerability

PolarSSL is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

NOTE: Successful exploitation requires full authentication to be disabled for the following cipher suites:

1) SSL_EDH_RSA_DES_168_SHA
2) SSL_EDH_RSA_AES_128_SHA
3) SSL_EDH_RSA_AES_256_SHA
4) SSL_EDH_RSA_CAMELLIA_128_SHA
5) SSL_EDH_RSA_CAMELLIA_256_SHA

PolarSSL versions prior to 0.14.1 and 0.99-pre1 are vulnerable.


 

Copyright 2010, SecurityFocus