A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500
CVSS
No CVSS.
References
Configurations
No configuration.
History
28 Aug 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
27 Aug 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-284 |
27 Aug 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-27 19:15
Updated : 2024-08-28 12:57
NVD link : CVE-2024-5814
Mitre link : CVE-2024-5814
CVE.ORG link : CVE-2024-5814
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control