Padding Oracle Attack in OpenSSL

Padding Oracle Attack in OpenSSL

CVE-2011-4576 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Learn more about our Web Application Penetration Testing UK.