Many products implementing TLS-based services allow for fallback to SSL v3.0 for compatibility reasons. CVE-2014-3566, published 14 October 2014, identified a vulnerability that could expose systems to man-in-the-middle attacks when such fallback is permitted. Details can be found at: CVE-2014-3566. Exploitation of this vulnerability would require a sophisticated attacker to…
Posted on 17 October 2014 by Andrew Gertz in Certificate-based Tokens (eToken, iKey, SmartCards), Crypto Hypervisor/Crypto Command Center, General Authentication, General Crypto Management, General Encryption, High-Speed Encryption (Ethernet, SONET, Fiber Channel, Security Management Console), Middleware (SAC, SHAC), SafeNet Authentication Manager, SafeNet Authentication Service, SafeNet Authentication Service Agent, SafeNet DataSecure, SafeNet General Purpose HSMs (formerly Luna SA, PCI, G5), SafeNet KeySecure, SafeNet MobilePASS & MobilePASS+, SafeNet OTP Tokens (eToken PASS, GOLD, RB1, KT-4, KT-5), SafeNet Payment HSM, SafeNet PIN Delivery, SafeNet ProtectApp, SafeNet ProtectDB, SafeNet ProtectDrive, SafeNet ProtectFile, SafeNet ProtectServer HSM, SafeNet ProtectV, SafeNet StorageSecure, SafeNet Tokenization, SafeWord/SafeNet Authentication Manager Express, SAS Cloud Operations, Security Notifications