Main Vulnerability Database Exploits ID:397 - Exploit for Information disclosure in OpenSSL - CVE-2016-2183

ID:397 - Exploit for Information disclosure in OpenSSL - CVE-2016-2183

Published: March 18, 2020

Vulnerability identifier: #VU370

Vulnerability risk: Low

CVE-ID: CVE-2016-2183

CWE-ID: CWE-327

Exploitation vector: Remote access

Vulnerable software:
OpenSSL

Link to public exploit:

https://www.exploit-db.com/exploits/42091/

Vulnerability description

The vulnerability allows a remote attacker to decrypt transmitted data.

The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.

Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.

Remediation

Update to version 1.1.0.

ID:397 - Exploit for Information disclosure in OpenSSL - CVE-2016-2183

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human