Rapid7 Vulnerability & Exploit Database

FreeBSD: mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

FreeBSD: mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

01/04/2016

Created

07/25/2018

Added

01/08/2016

Modified

01/08/2016

Description

ARM Limited reports: MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL.

Solution(s)

freebsd-upgrade-package-mbedtls
freebsd-upgrade-package-polarssl13

References

https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

FreeBSD: mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

FreeBSD: mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.