On Tue, Dec 9, 2014 at 11:26 AM, Salz, Rich wrote:
>> I also received a notification from Symantec's DeepSight, that states:
>> "OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure
>> Vulnerability".
>
> Did Symantic really label it an OpenSSL CVE? That's wrong.
>
> OpenSSL does not ha
So Adam Langley writes "SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections." on
his the latest POODLE affecting TLS 1.x.
(https://www.imperialviolet.org/).
I also received a notification from Symantec's DeepSight, that states:
"OpenSSL CVE-20
Sorry folks - I was fixated on something else to see the obvious.
-Amarendra
On Sun, Jan 26, 2014 at 10:22 AM, Amarendra Godbole
wrote:
> Hi,
>
> I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
> parameter to N [1] From what I understand, the culprit code is called
>
Hi,
I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
parameter to N [1] From what I understand, the culprit code is called
in the Server Finish message of the handshake, which is the last step
- by this time the client has authenticated the server (step 3). So
why does the CVSS vector
Hi,
I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
parameter to N [1] From what I understand, the culprit code is called
in the Server Finish message of the handshake, which is the last step
- by this time the client has authenticated the server (step 3). So
why does the CVSS vector
