Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2016-0704 - Vulnerability Database
OpenSSL

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2016-0704

Medium
Reference: CVE-2016-0704
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-0704
Title: OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf 1.0.0 before 1.0.0r 1.0.1 before 1.0.1m and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle a related issue to CVE-2016-0800.