Thursday, January 18, 2007

Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability

Via Cisco.com.

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) and the Cisco Adaptive Security Device Manager (ASDM) do not validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or Secure Shell (SSH) public keys presented by devices they are configured to connect to.

Malicious users may be able to use this lack of certificate or public key validation to impersonate the devices that these affected products connect to, which could then be used to obtain sensitive information or misreport information.

More here.

0 Comments:

Post a Comment

<< Home