virus logo FortiClient Vulnerability

OpenSSL CVE-2014-3572 Weak Encryption Vulnerability

description-logoDescription

Severity: LowAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuiteusing an ECDSA certificate if the server key exchange message is omitted. Thiseffectively removes forward secrecy from the ciphersuite.This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.OpenSSL 1.0.1 users should upgrade to 1.0.1k.OpenSSL 1.0.0 users should upgrade to 1.0.0p.OpenSSL 0.9.8 users should upgrade to 0.9.8zd.This issue was reported to OpenSSL on 22nd October 2014 by KarthikeyanBhargavan of the PROSECCO team at INRIA. The fix was developed by StephenHenson of the OpenSSL core team.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2014-3572

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39816
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL