CVE-2006-0999

Name of the Vulnerable Software and Affected Versions Novell NetWare version 6.5 Novell Open Enterprise Server (OES)

Description The issue allows a client to force the server to use weak encryption, potentially enabling remote attackers to decrypt contents of an SSL protected session. This occurs when a client claims that a weak cipher is necessary for compatibility.

Recommendations For Novell NetWare version 6.5, consider disabling the SSL server implementation in NILE.NLM until a fix is available. For Novell Open Enterprise Server (OES), restrict the use of weak ciphers in the SSL server configuration to minimize the risk of exploitation.