stunnel < 5.00 PRNG State Security Weakness
Medium Nessus Plugin ID 73212
Synopsis
The remote Windows host contains a program that is affected by a security weakness.
Description
The version of stunnel installed on the remote host is prior to version 5.00. It is, therefore, affected by a security weakness due to the PRNG state not being reset for new connections where the server forks. A remote attacker can exploit this issue to disclose sensitive information, such as the private key used for EC (ECDSA) or DSA certificates.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to stunnel version 5.00 or later.