The renegotiation process of the SSL encryption is vulnerable. It allows two negotiations to be handled by different parties. This leaves your data vulnerable to Man-In-The-Middle attacks.
Security Assessment
CVSS Vector: AV:N/AC:M/AU:N/C:N/I:P/A:P
Vulnerability Information
The renegotiation process of the SSL encryption is vulnerable. It allows two negotiations (one before the renegotiation, and one after) to be handled by different parties. This leaves the data vulnerable to Man-In-The-Middle attacks.
Guides
Tho problems in the renegotiation protocol have been fixed in the SSL implementations and do not appear in recent protocol versions. Therefore make sure that you use a Secure TLS Configuration and update OpenSSL to the latest version.
E.g. run:
apt-get update; apt-get upgrade # Debian / Ubuntu
yum update # RHeL / CentOS
pacman -Syu # Arch Linux
For more information about Crashtest Security visit crashtest-security.com
