Vigil@nce - Windows: information disclosure via Schannel

May 2015 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker in a man-in-the-middle position can force the Windows
Schannel client to accept a weak algorithm, making it easier to
capture or alter the exchanged data.

Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2,
Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows
Vista

Severity: 1/4

Creation date: 12/05/2015

DESCRIPTION OF THE VULNERABILITY

The SChannel (Secure Channel) SSP implements the SSL and TLS
protocols, which are used to authenticate the client/server and to
create a secured tunnel.

The TLS protocol uses a series of messages which have to be
exchanged between the client and the server before a secured
session is established. Several cryptographic algorithms can be
negotiated during this exchange. However, Schannel accepts
Diffie-Hellman Ephemeral keys of only 512 bits.

An attacker in a man-in-the-middle position can therefore force
the Windows Schannel client to accept a weak algorithm, making it
easier to capture or alter the exchanged data.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Windows-information-disclosure-via-Schannel-16896

