Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)

Disclosed: 2016-06-01 03:39:41 By dadrian To ibb

Unknown

Vulnerability Details

This is a retroactive submission of CVE-2016-0703, a.k.a. the "Extra Clear" bug, which can lead to the Special DROWN variant of the DROWN attack. After some discussion with the other DROWN authors, I'm submitting on behalf of myself (David Adrian) and J. Alex Halderman the vulnerability CVE-2016-0703, which was acknowledged by OpenSSL as Sev:High at https://www.openssl.org/news/secadv/20160301.txt.

Actions

View on HackerOne

Report Stats

Report ID: 138179
State: Closed
Substate: resolved
Upvotes: 4

Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)

Vulnerability Details

Actions

Report Stats

Share this report