PT-2015-5903 · Rc4+8 · Rc4+8

Itsik Mantin

·

Publicado

2015-03-31

·

Atualizado

2026-05-28

·

CVE-2015-2808

CVSS v3.1

3.7

Baixa

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions RC4 (affected versions not specified)
Description The RC4 algorithm, used in the TLS and SSL protocols, does not properly combine state data with key data during the initialization phase. This weakness, known as the Invariance Weakness, allows remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by capturing network traffic that relies on affected keys. The attackers can then use a brute-force approach involving LSB values to obtain plaintext data. This issue is also referred to as the "Bar Mitzvah" problem.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327

Identificadores relacionados

CESA-2015_1228
CESA-2015_1229
CESA-2015_1526
CVE-2015-2808
DLA-303-1
DSA-3316-1
DSA-3339-1
HPSBUX03512
MGASA-2015-0277
MGASA-2015-0280
OPENSUSE-SU-2015_1288-1
OPENSUSE-SU-2015_1289-1
OPENSUSE-SU-2024:10197-1
OPENSUSE-SU-2024:10534-1
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1021
RHSA-2015:1091
RHSA-2015:1228
RHSA-2015:1229
RHSA-2015:1230
RHSA-2015:1241
RHSA-2015:1242
RHSA-2015:1243
RHSA-2015:1526
RHSA-2015_1006
RHSA-2015_1020
RHSA-2015_1021
RHSA-2015_1228
RHSA-2015_1229
RHSA-2015_1230
RHSA-2015_1241
RHSA-2015_1242
RHSA-2015_1243
RHSA-2015_1526
SUSE-SU-2015:1073-1
SUSE-SU-2015:1161-1
SUSE-SU-2015:1319-1
SUSE-SU-2015:1320-1
SUSE-SU-2015:1329-1
SUSE-SU-2015:1331-1
SUSE-SU-2015:1345-1
SUSE-SU-2015:1375-1
SUSE-SU-2015:1509-1
SUSE-SU-2015:2166-1
SUSE-SU-2015:2192-1
USN-2696-1
USN-2706-1

Produtos afetados

Centos
Hp-Ux
Huawei Vrp
Ibm Aix
Java Platform
Rc4
Red Hat
Suse
Ubuntu