- CVEs with nessus.description==Several fraudulent SSL certificates have been found in the wild issued
by the DigiNotar Certificate Authority, obtained through a security
compromise of said company. After further updates on this incident, it
has been determined that all of DigiNotar's signing certificates can
no longer be trusted. Debian, like other software distributors and
vendors, has decided to distrust all of DigiNotar's CAs. In this
update, this is done in the crypto library (a component of the OpenSSL
toolkit) by marking such certificates as revoked. Any application that
uses said component should now reject certificates signed by
DigiNotar. Individual applications may allow users to override the
validation failure. However, making exceptions is highly discouraged
and should be carefully verified.
Additionally, a vulnerability has been found in the ECDHE_ECDS cipher
where timing attacks make it easier to determine private keys. The
Common Vulnerabilities and Exposures project identifies it as
CVE-2011-1945.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |