The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
References
Link | Resource |
---|---|
http://twitter.com/matthew_d_green/statuses/630908726950674433 | Press/Media Coverage Technical Description Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/09/20/4 | Mailing List Technical Description Third Party Advisory |
http://www.securityfocus.com/bid/93071 | Broken Link Third Party Advisory VDB Entry |
https://kcitls.org | Exploit Technical Description |
https://security.netapp.com/advisory/ntap-20180626-0002/ | Third Party Advisory |
https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf | Exploit Mitigation Technical Description |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2016-09-21 02:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-8960
Mitre link : CVE-2015-8960
CVE.ORG link : CVE-2015-8960
JSON object : View
Products Affected
netapp
- plug-in_for_symantec_netbackup
- oncommand_shift
- host_agent
- data_ontap_edge
- snapdrive
- smi-s_provider
- solidfire_\&_hci_management_node
- clustered_data_ontap_antivirus_connector
- snap_creator_framework
- snapprotect
- system_setup
- snapmanager
- chrome
ietf
- transport_layer_security
mozilla
- firefox
microsoft
- internet_explorer
opera
- opera_browser
apple
- safari
CWE
CWE-295
Improper Certificate Validation