Family: Misc. --> Category: infos
OpenSSL password interception Vulnerability Scan
Vulnerability Scan Summary: Checks for version of OpenSSL
Detailed Explanation for this Vulnerability Test
The remote host is using a version of OpenSSL which is
older than 0.9.6j (0.9.6 branch) or 0.9.7b (0.9.7 branch).
This version is vulnerable to a timing-based attack which may
allow an attacker to guess the content of fixed data blocks and
may eventually be able to guess the value of the private RSA key
of the server.
An attacker may use this implementation flaw to sniff the
data going to this host and decrypt some parts of it, as well
as impersonate your server and perform man-in-the-middle attacks.
*** Nessus solely relied on the banner of the remote host
*** to issue this warning
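Because this check relies only on the version string in the remote banner, it is worth understanding exactly what such a comparison involves: OpenSSL 0.9.x releases carry a trailing patch letter (0.9.6j, 0.9.7b), and a plain numeric comparison gets them wrong. The following is an added example, not Nessus plugin code, showing how a banner-based check for the two fixed releases named above can be written. The sample banners and host names are constructed for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases named in the advisory: 0.9.6j on the 0.9.6 branch,
# 0.9.7b on the 0.9.7 branch.
FIXED_LETTER = {(0, 9, 6): "j", (0, 9, 7): "b"}

# Matches e.g. "OpenSSL/0.9.7a" inside an HTTP Server header or similar banner.
VERSION_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def parse_openssl_version(banner: str) -> Optional[Tuple[Tuple[int, int, int], str]]:
    """Return ((major, minor, fix), patch_letter) or None if no OpenSSL version is advertised."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    base = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return base, m.group(4).lower()


def _letter_key(letter: str) -> Tuple[int, str]:
    # Patch letters sort alphabetically; the unlettered base release sorts lowest,
    # and double letters (e.g. "zh") sort after every single letter.
    return (len(letter), letter)


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the advertised OpenSSL predates the fix, False if not, None if unknown."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    base, letter = parsed
    if base in FIXED_LETTER:
        return _letter_key(letter) < _letter_key(FIXED_LETTER[base])
    # Branches older than 0.9.6 predate the fix entirely; newer branches contain it.
    return base < (0, 9, 6)


def scan_banners(banners: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Apply the banner check to a mapping of host -> banner string."""
    return {host: is_vulnerable(banner) for host, banner in banners.items()}


# Constructed sample banners (hypothetical hosts), not captured from real systems.
SAMPLE_BANNERS = {
    "web1.example.test": "Apache/2.0.44 (Unix) mod_ssl/2.0.44 OpenSSL/0.9.7a",
    "web2.example.test": "Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.6j",
    "web3.example.test": "Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.6i",
    "web4.example.test": "nginx/1.18.0",
}

if __name__ == "__main__":
    for host, result in scan_banners(SAMPLE_BANNERS).items():
        status = {True: "vulnerable", False: "patched", None: "no OpenSSL banner"}[result]
        print(f"{host}: {status}")
```

As the plugin text itself warns, a banner check can only see what the server advertises: a distribution that backports the fix without changing the version string will still be reported, and a server that hides or alters its banner will not be. Treat the result as a prompt to confirm the installed package version, not as proof either way.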
See also: http://www.openssl.org/news/secadv_20030219.txt
http://lasecwww.epfl.ch/memo_ssl.shtml
http://eprint.iacr.org/2003/052/
Solution: Upgrade to version 0.9.6j (0.9.6 branch) or 0.9.7b (0.9.7 branch) or newer.
Threat Level: Medium