SSL Resume With Different Cipher Issue

Info Nessus Plugin ID 58768

Synopsis

The remote host allows resuming SSL sessions with a different cipher than the one originally negotiated.

Description

The SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker who sees (e.g. by sniffing) the start of an SSL connection may be able to manipulate the session cache to cause subsequent resumptions of that session to use a cipher chosen by the attacker.

Solution

n/a

Plugin Details

Severity: Info

ID: 58768

File Name: ssl_resume_different_cipher.nasl

Version: $Revision: 1.1 $

Type: remote

Family: General

Published: 2012/04/17

Modified: 2012/04/17

Dependencies: 51891

Risk Information

Risk Factor: Info

Vulnerability Information

Required KB Items: SSL/Resume/Different