PT-2015-1685 · OpenSSL

Matt Caswell · Published 2015-03-19 · Updated 2022-12-13 · CVE-2015-0285

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

OpenSSL versions 1.0.2 through 1.0.2a (excluding 1.0.2a)

Description

The issue is in the ssl3_client_hello function in OpenSSL, which does not ensure that the pseudorandom number generator (PRNG) is properly initialized before the handshake procedure. A remote attacker can exploit this to bypass cryptographic protection mechanisms by analyzing network traffic and conducting a brute-force attack.

Recommendations

For OpenSSL versions 1.0.2 through 1.0.2a (excluding 1.0.2a), update to version 1.0.2a or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-11031
CVE-2015-0285

Affected Products

Cisco ASA
Cisco IOS XE
Cisco Nexus
OpenSSL