Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

ASA-202107-42 - log back

ASA-202107-42 edited at 20 Jul 2021 19:32:16

Workaround

-	Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
+	Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2
+	cipher suites without ECDHE), as well as TLS 1.3-only clients, are
+	unaffected.

ASA-202107-42 edited at 20 Jul 2021 08:56:34

Workaround

+	Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.

Impact

+	A man-in-the-middle attacker able to intercept a TLS negotiation could crash a TLS client by injecting a crafted invalid certificate.

ASA-202107-42 created at 20 Jul 2021 08:53:32