SSL Resume With Different Cipher Issue

Nessus Plugin ID 58768

Synopsis

The remote host allows resuming SSL sessions with a different cipher than the one originally negotiated.

Description

The SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker who sees the start of an SSL connection (e.g. by sniffing) may be able to manipulate the session cache so that subsequent resumptions of that session use a cipher chosen by the attacker.
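To confirm the behaviour from a packet capture, compare the ServerHello of the original handshake with the ServerHello of the resumption. The following is an added example, not the plugin's own code. It assumes TLS 1.2 or earlier session-ID resumption, that the second handshake offered the first session's ID, and that each ServerHello sits alone in one TLS record; the function names and sample records are constructed for illustration.

```python
import struct

def parse_server_hello(record: bytes):
    """Return (session_id, cipher_suite) from one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or rec_len < 4:
        raise ValueError("not a complete handshake record")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]                 # follows version (2) + random (32)
    end = 35 + sid_len
    if sid_len > 32 or len(hello) < end + 3:   # cipher (2) + compression (1)
        raise ValueError("bad session_id length")
    return hello[35:end], int.from_bytes(hello[end:end + 2], "big")

def resumed_with_different_cipher(first: bytes, second: bytes) -> bool:
    """True when `second` resumes the session in `first` under another cipher."""
    sid1, cs1 = parse_server_hello(first)
    sid2, cs2 = parse_server_hello(second)
    # A server that resumes echoes the offered session ID; a full
    # handshake returns a fresh (or empty) one.
    resumed = len(sid1) > 0 and sid1 == sid2
    return resumed and cs1 != cs2

def build_server_hello(session_id: bytes, cipher_suite: int) -> bytes:
    """Construct a minimal sample ServerHello record (test data only)."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += cipher_suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed sample records, not captured traffic.
SID = bytes(range(32))
INITIAL = build_server_hello(SID, 0x002F)         # TLS_RSA_WITH_AES_128_CBC_SHA
RESUMED_CHANGED = build_server_hello(SID, 0x0005) # TLS_RSA_WITH_RC4_128_SHA
RESUMED_SAME = build_server_hello(SID, 0x002F)
FULL_HANDSHAKE = build_server_hello(bytes(32), 0x0005)  # new session ID

if __name__ == "__main__":
    for name, rec in [("changed", RESUMED_CHANGED), ("same", RESUMED_SAME),
                      ("full", FULL_HANDSHAKE)]:
        print(name, resumed_with_different_cipher(INITIAL, rec))
```

A compliant server either resumes with the originally negotiated cipher or falls back to a full handshake with a new session ID, so only the first case is a finding.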

Plugin Details

Severity: Info

ID: 58768

File Name: ssl_resume_different_cipher.nasl

Version: Revision: 1.1

Type: remote

Family: General

Published: 4/17/2012

Updated: 4/17/2012

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: SSL/Resume/Different