The TLS protocol 1.2 and previous versions supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle malicious users to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ietf transport_layer_security |
||
netapp snap creator framework - |
||
netapp data ontap edge - |
||
netapp snapdrive - |
||
netapp snapmanager - |
||
netapp smi-s provider - |
||
netapp host agent - |
||
netapp clustered data ontap antivirus connector - |
||
netapp solidfire \\& hci management node - |
||
netapp snapprotect - |
||
netapp oncommand shift - |
||
netapp plug-in for symantec netbackup - |
||
netapp system setup - |