Intrusion Prevention

TLS.DH.Downgrade.Cipher.Temp.Key.Security.Bypass

Description

This indicates an attack attempt against a Cryptographic Vulnerability in OpenSSL and Microsoft Windows.
The vulnerability is caused by a weak cryptographic primitive during negotiation phase between client and server. A remote attacker may be able to exploit this to break encryption keys and afterward decrypt traffics via man in the middle attack.

Affected Products

Any security primitives which support DH with 512 bits key

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue

CVE References

CVE-2015-4000