Divide-and-conquer key recovery attack vulnerability in the SSLv2 handshake in OpenSSLID: oval:org.secpod.oval:def:33161 | Date: (C)2016-03-02 (M)2023-03-31 |
Class: VULNERABILITY | Family: windows |
The host is installed with OpenSSL 1.0.2, 1.0.1 before 1.0.1m, 1.0.0 before 1.0.0r or 0.9.8ze and earlier versions and is prone to a divide-and-conquer key recovery attack vulnerability. A flaw is present in the application, which fails to handle s2_srvr.c which do not enforce that clear-key-length is 0 for non-export ciphers. Successful exploitation allows remote attackers to use the server as an oracle to determine the SSLv2 master-key and leads to a more efficient version of DROWN that is effective against non-export ciphersuites.
Platform: |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2016 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 10 |