CVE-2001-1105
N/A
N/A
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.cisco.com/warp/public/707/SSL-J-pub.html
- http://www.securityfocus.com/bid/3329
- http://www.ciac.org/ciac/bulletins/l-141.shtml
- http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7112
References
- http://www.cisco.com/warp/public/707/SSL-J-pub.html
- http://www.securityfocus.com/bid/3329
- http://www.ciac.org/ciac/bulletins/l-141.shtml
- http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7112
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.