PT-2016-1367 · Openssl+3
Published: 2016-01-28 · Updated: 2024-06-15 · CVE-2016-0701
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.0.2 through 1.0.2e
Description
The issue is in the DH_check_pub_key function in the crypto/dh/dh_check.c file, which does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange. This makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number. The vulnerability can be exploited to allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on an SSL/TLS connection.
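The following is an added example, not OpenSSL's code and not part of the original advisory. It sketches the kind of validation the description refers to: deciding whether a DH prime is appropriate, and checking a peer's public value against the subgroup order q when the prime is not a safe prime. The function names and the toy groups are constructed for illustration.

```python
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dh_params(p, g, q=None):
    """Return a list of reasons to reject the group (empty list = acceptable)."""
    if not is_probable_prime(p):
        return ["p is not prime"]
    problems = []
    if not 1 < g < p - 1:
        problems.append("g out of range")
    if q is None:
        # A safe prime p = 2q' + 1 leaves no small subgroups beyond {1, p-1}.
        if not is_probable_prime((p - 1) // 2):
            problems.append("p is not a safe prime and no q supplied")
    elif not is_probable_prime(q) or (p - 1) % q:
        problems.append("q is not a prime divisor of p-1")
    elif pow(g, q, p) != 1:
        problems.append("g is not in the order-q subgroup")
    return problems

def check_dh_pub_key(pub, p, q=None):
    """Return a list of reasons to reject a peer's public value."""
    if not 1 < pub < p - 1:
        return ["public value out of range"]
    if q is not None and pow(pub, q, p) != 1:
        return ["public value is not in the order-q subgroup"]
    return []

# Constructed toy groups (far too small for real use):
SAFE_GROUP = dict(p=23, g=2, q=11)       # 23 = 2*11 + 1, a safe prime
X942_STYLE_GROUP = dict(p=31, g=2, q=5)  # 31 - 1 = 2*3*5, not a safe prime
```

With the second toy group, a range-only check accepts the public value 3, while the check against q rejects it.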
Recommendations
For OpenSSL versions 1.0.2 through 1.0.2e, update to version 1.0.2f or later to resolve the issue.
At the moment, there is no information about additional mitigation measures for this vulnerability.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Cisco Nexus
Openssl
Suse