OpenSSL CVE-2015-0205 Weak Encryption Vulnerability

Description

Severity: Low

An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.

This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
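A version triage against the affected branches and fixed releases listed above, as an added example (not part of the original advisory and not OpenSSL tooling). The function name `check_cve_2015_0205` and its result labels are hypothetical; it assumes input in the form printed by `openssl version`, and because distribution packages can carry backported fixes under an older upstream version string, an `affected` result means the vendor changelog still needs checking.

```shell
# Added example: classify an OpenSSL version string against this advisory.
# Usage:  check_cve_2015_0205 "$(openssl version)"
# Prints: affected | fixed | not-listed | unparsed
check_cve_2015_0205() (
    ver=${1#OpenSSL }       # drop the banner prefix if present
    ver=${ver%% *}          # keep the version token, drop the build date

    case $ver in
        1.0.1*) branch=1.0.1 fixed=k ;;   # advisory: upgrade to 1.0.1k
        1.0.0*) branch=1.0.0 fixed=p ;;   # advisory: upgrade to 1.0.0p
        [0-9]*.[0-9]*.[0-9]*) echo not-listed; exit 0 ;;  # branch not named here
        *) echo unparsed; exit 0 ;;
    esac

    suffix=${ver#"$branch"}
    suffix=${suffix%-fips}  # FIPS builds report e.g. "1.0.1e-fips"

    case $suffix in
        '')    echo affected; exit 0 ;;   # base release predates every letter release
        [a-z]) ;;                         # ordinary letter release, compared below
        *)     echo unparsed; exit 0 ;;   # betas, vendor tags, anything unexpected
    esac

    # Letter releases are ordered alphabetically; everything before the
    # fixed letter is older than the fix.
    letters=abcdefghijklmnopqrstuvwxyz
    before_fix=${letters%%"$fixed"*}
    case $before_fix in
        *"$suffix"*) echo affected ;;
        *)           echo fixed ;;
    esac
)
```

Whether a server is actually exposed also depends on the condition in the description: it must trust a client certificate authority that issues certificates containing DH keys.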

Affected Applications

OpenSSL

CVE References

CVE-2015-0205