Triple Handshake Vulnerability in EMC RSA BSAFE Micro Edition Suite and RSA BSAFE SSL-J

CVE-2014-4630 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
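The missing check described above, written as an added example that is not RSA's code: a guard that pins the server's leaf certificate on a connection's first handshake and fails closed if a later handshake on that connection presents a different one. `RenegotiationGuard`, `check_connection` and the sample certificate bytes are hypothetical names and constructed values; a real client would call the guard from its TLS library's handshake-completion hook, before any application data is processed.

```python
import hashlib
import hmac


class CertificateChangedError(Exception):
    """Raised when a renegotiation presents a different server certificate."""


class RenegotiationGuard:
    """Pins the server certificate seen on a connection's first handshake."""

    def __init__(self):
        self._pinned = None   # SHA-256 of the first handshake's leaf certificate
        self.handshakes = 0

    def on_handshake(self, peer_cert_der):
        """Call with the leaf certificate (DER bytes) after every handshake."""
        self.handshakes += 1
        if not peer_cert_der:
            # Fail closed: a missing certificate cannot be compared to the pin.
            raise CertificateChangedError(
                "no server certificate on handshake %d" % self.handshakes)
        digest = hashlib.sha256(peer_cert_der).digest()
        if self._pinned is None:
            self._pinned = digest   # initial handshake: remember the identity
            return "initial"
        if not hmac.compare_digest(self._pinned, digest):
            raise CertificateChangedError(
                "server certificate changed on handshake %d" % self.handshakes)
        return "renegotiation-ok"


def check_connection(cert_sequence):
    """Replay one connection's handshakes; return (accepted, reason)."""
    guard = RenegotiationGuard()
    try:
        for der in cert_sequence:
            guard.on_handshake(der)
    except CertificateChangedError as exc:
        return False, str(exc)
    return True, "%d handshake(s), same certificate" % guard.handshakes


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"\x30\x82\x01\x0aconstructed-certificate-A"
CERT_B = b"\x30\x82\x01\x0aconstructed-certificate-B"

if __name__ == "__main__":
    print(check_connection([CERT_A, CERT_A]))   # same identity throughout
    print(check_connection([CERT_A, CERT_B]))   # identity changed: rejected
```

The guard is per connection: create a new instance for each TLS connection so that a legitimate certificate rotation between connections is not flagged.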
