CVE-2015-8960

Name of the Vulnerable Software and Affected Versions TLS protocol versions 1.2 and earlier

Description The issue allows man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate. This is due to the TLS protocol supporting certain values for ClientCertificateType, but not directly documenting the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key.

Recommendations For TLS protocol versions 1.2 and earlier, consider disabling the use of rsa fixed dh, dss fixed dh, rsa fixed ecdh, and ecdsa fixed ecdh values for ClientCertificateType as a temporary workaround until a patch is available. Restrict access to client X.509 certificates to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.