Itsik Mantin

**Name of the Vulnerable Software and Affected Versions** RC4 (affected versions not specified) **Description** The RC4 algorithm, used in the TLS and SSL protocols, does not properly combine state data with key data during the initialization phase. This weakness, known as the Invariance Weakness, allows remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by capturing network traffic that relies on affected keys. The attackers can then use a brute-force approach involving LSB values to obtain plaintext data. This issue is also referred to as the "Bar Mitzvah" problem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.