So Adam Langley writes SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections. on
his the latest POODLE affecting TLS 1.x.
(https://www.imperialviolet.org/).
I also received a notification from Symantec's DeepSight, that states:
OpenSSL
On Tue, Dec 9, 2014 at 11:26 AM, Salz, Rich rs...@akamai.com wrote:
I also received a notification from Symantec's DeepSight, that states:
OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure
Vulnerability.
Did Symantic really label it an OpenSSL CVE? That's wrong.
OpenSSL does
Sorry folks - I was fixated on something else to see the obvious.
-Amarendra
On Sun, Jan 26, 2014 at 10:22 AM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
Hi,
I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
parameter to N [1] From what I understand, the culprit code
Hi,
I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
parameter to N [1] From what I understand, the culprit code is called
in the Server Finish message of the handshake, which is the last step
- by this time the client has authenticated the server (step 3). So
why does the CVSS
Hi,
I am analyzing CVE-2013-4353, and the CVSS vector mentions Au
parameter to N [1] From what I understand, the culprit code is called
in the Server Finish message of the handshake, which is the last step
- by this time the client has authenticated the server (step 3). So
why does the CVSS