Posts in ‘Security Notifications’

Sort by: Most comments
 

SSL v3.0 Vulnerability (CVE-2014-3566)

Many products implementing TLS-based services allow for fallback to SSL v3.0 for compatibility reasons.  CVE-2014-3566,  published 14 October 2014, identified a vulnerability that could expose systems to man-in-the-middle attacks when such fallback is permitted. Details can be found at: CVE-2014-3566. Exploitation of this vulnerability would require a sophisticated attacker to…