Vulnerability: Small Subgroup Confinement Attack in Diffie Hellman Client Key Exchange Handling

Vulnerability: Small Subgroup Confinement Attack in Diffie Hellman Client Key Exchange Handling

CVE-2016-8635 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

Learn more about our Cis Benchmark Audit For Microsoft Exchange Server.