Many products implementing TLS-based services allow for fallback to SSL v3.0 for compatibility reasons. CVE-2014-3566, published 14 October 2014, identified a vulnerability that could expose systems to man-in-the-middle attacks when such fallback is permitted. Details can be found at: CVE-2014-3566. Exploitation of this vulnerability would require a sophisticated attacker to…
Posted on 17 October 2014 by Andrew Gertz in Certificate-based Tokens (eToken, iKey, SmartCards), Crypto Hypervisor/Crypto Command Center, General Authentication, General Crypto Management, General Encryption, High Speed Encryptions, Luna HSM, Middleware (SAC, SHAC), payShield HSM, ProtectServer HSM, SafeNet Authentication Manager, SafeNet Authentication Service, SafeNet Authentication Service Agent, SafeNet DataSecure, SafeNet KeySecure, SafeNet MobilePASS & MobilePASS+, SafeNet OTP Tokens (eToken PASS, GOLD, RB1, KT-4, KT-5), SafeNet PIN Delivery, SafeNet ProtectApp, SafeNet ProtectDB, SafeNet ProtectDrive, SafeNet ProtectFile, SafeNet ProtectV, SafeNet StorageSecure, SafeNet Tokenization, SafeWord/SafeNet Authentication Manager Express, SAS Cloud Operations, Security Notifications
