@ensis
2016-03-07T23:33:10.000000Z
字数 383
阅读 1579
cve
【网页】【paper】
Decrypting RSA with Obsolete and Weakened eNcryption
Conditions: SSLv2 is enabled or private key is used on other sslv2 enabled servers
Root cause: SSLv2 has no padding, unpadded RSA is malleable. 【cross-protocol Bleichenbacher padding oracle attack】
OpenSSL的另外两个实现问题使得这个漏洞影响更大: