OpenSSL CVE-2015-0204 Weak Encryption Vulnerability

Description

Severity: High

This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to

This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.
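The following is an added example, not part of the OpenSSL advisory: a triage helper that classifies `openssl version` output against the fixed releases listed above, including the letter-suffix ordering in which 0.9.8zd sorts after 0.9.8z. The function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed release letter per affected branch, taken from the advisory text above.
FIXED = {"1.0.1": "k", "1.0.0": "p", "0.9.8": "zd"}

# Pre-3.0 OpenSSL scheme: three numbers plus an optional one- or two-letter suffix.
# Suffixed builds (e.g. "-fips", distro packages) are deliberately left unparsed:
# the letter alone may not reflect backported fixes, so they need manual review.
_VERSION_RE = re.compile(r"(?<![\w.])(\d+\.\d+\.\d+)([a-z]{0,2})(?![\w.-])")


def _rank(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def classify(version_text):
    """Return (status, upgrade_target) for a version string or `openssl version` line.

    status is 'vulnerable', 'fixed', 'not-listed' (branch not named in this
    advisory) or 'unparsed'; upgrade_target is set only when vulnerable.
    """
    m = _VERSION_RE.search(version_text)
    if not m:
        return ("unparsed", None)
    branch, letters = m.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        return ("not-listed", None)
    if _rank(letters) < _rank(fixed):
        return ("vulnerable", branch + fixed)
    return ("fixed", None)


# Constructed inventory of (host, `openssl version` output); not real systems.
SAMPLE_INVENTORY = [
    ("web-01", "OpenSSL 1.0.1f 6 Jan 2014"),
    ("web-02", "OpenSSL 1.0.1k 8 Jan 2015"),
    ("legacy-01", "OpenSSL 0.9.8zc 15 Oct 2014"),
    ("build-01", "OpenSSL 1.0.1e-fips 11 Feb 2013"),
]


def triage(inventory):
    """Map each host to its (status, upgrade_target) pair."""
    return {host: classify(text) for host, text in inventory}


if __name__ == "__main__":
    for host, (status, target) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:11} {'upgrade to ' + target if target else ''}")
```

Because the advisory describes clients as the vulnerable side, run this against the OpenSSL build that client applications link to, not only the one serving TLS.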

Affected Applications

OpenSSL

CVE References

CVE-2015-0204