Novell Access Manager Lets Remote Users Decrypt SSL/TLS Traffic
|
|
SecurityTracker Alert ID: 1026434 |
|
SecurityTracker URL: http://securitytracker.com/id/1026434
|
|
CVE Reference:
CVE-2011-3389
(Links to External Site)
|
Date: Dec 17 2011
|
Impact:
Disclosure of user information
|
Vendor Confirmed: Yes
|
Version(s): 3.1
|
Description:
A vulnerability was reported in Novell Access Manager. A remote user can decrypt SSL/TLS sessions in certain cases.
A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
Thai Duong and Juliano Rizzo reported this vulnerability.
|
Impact:
A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
|
Solution:
No solution was available at the time of this entry.
The vendor has provided some workaround advice in the advisory.
The vendor's advisory is available at:
http://www.novell.com/support/viewContent.do?externalId=7009901
|
Vendor URL: www.novell.com/support/viewContent.do?externalId=7009901 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (SuSE)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
