PT-2013-3844 · Ietf+1 · Ssl+2

Bertram Poettering

Publicado

2013-03-14

Atualizado

2026-05-22

CVE-2013-2566

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions TLS protocol (affected versions not specified) SSL protocol (affected versions not specified)

Description The issue concerns the RC4 algorithm used in the TLS and SSL protocols, which contains single-byte biases. This weakness allows remote attackers to potentially recover plaintext through statistical analysis of ciphertext in multiple sessions that utilize the same plaintext.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

ALT-PU-2013-1150

ALT-PU-2013-1334

ALT-PU-2014-1201

CVE-2013-2566

MGASA-2013-0337

Produtos afetados

Alt Linux

Ssl

Tls

PT-2013-3844 · Ietf+1 · Ssl+2

CVE-2013-2566

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 34