module

OpenSSL DTLS ChangeCipherSpec Remote DoS

Disclosed
2000-04-26
Created
2018-05-30

Description

This module performs a Denial of Service Attack against Datagram TLS in OpenSSL
version 0.9.8i and earlier. OpenSSL crashes under these versions when it receives a
ChangeCipherspec Datagram before a ClientHello.

Authors

Jon Oberheide [email protected]
theLightCosine [email protected]

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use auxiliary/dos/ssl/dtls_changecipherspec
msf auxiliary(dtls_changecipherspec) > show actions
...actions...
msf auxiliary(dtls_changecipherspec) > set ACTION < action-name >
msf auxiliary(dtls_changecipherspec) > show options
...show and set options...
msf auxiliary(dtls_changecipherspec) > run

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.