MS KB3155527: Update to Cipher Suites for FalseStart

medium Nessus Plugin ID 91045

Synopsis

The remote Windows host is affected by a cipher downgrade vulnerability.

Description

The remote Windows host is affected by a cipher downgrade vulnerability in FalseStart, which allows TLS clients to send application data before receiving and verifying the server 'Finished' message. A man-in-the-middle attacker can exploit this to force a TLS client to encrypt the first flight of application_data records using a cipher suite of the attacker's choosing from the client's list.

Solution

Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3155527

Plugin Details

Severity: Medium

ID: 91045

File Name: smb_kb3155527.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 5/11/2016

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Patch Publication Date: 5/10/2016

Vulnerability Publication Date: 5/10/2016

Reference Information

MSKB: 3155527