CVE-2015-1637

Name of the Vulnerable Software and Affected Versions Secure Channel (Schannel) (affected versions not specified)

Description A security feature bypass issue exists due to a problem in the TLS state machine, where a client system accepts an RSA key with a shorter key length than the originally negotiated key length. This issue facilitates exploitation of the FREAK technique, allowing an attacker to downgrade the key length of an RSA key to EXPORT-grade length in an encrypted TLS session during a man-in-the-middle (MiTM) attack. The attacker could then intercept and decrypt this traffic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.