CVE-2020-1968
Description
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1968 are fixed in OpenSSL 1.0.2w | Windows |
| Vulnerabilities CVE-2020-1968 are fixed in OpenSSL (x64) 1.0.2w | Windows |
| Vulnerabilities CVE-2020-1968 are fixed in Duo Security Authentication Proxy (6.0.2) | Windows |
| Vulnerabilities CVE-2020-1968 are fixed in Duo Security Authentication Proxy 5.0.2 | Windows |
| Vulnerabilities CVE-2020-1968 are fixed in Duo Security Authentication Proxy 5.0.1 | Windows |
| Vulnerabilities CVE-2020-1968,CVE-2021-1492 are fixed in Duo Security Authentication Proxy 5.1.0 | Windows |
| Vulnerabilities CVE-2020-15523,CVE-2020-1968 are fixed in Duo Security Authentication Proxy 5.0.0 | Windows |
| Vulnerabilities CVE-2020-1968,CVE-2021-1492 are fixed in Duo Security Authentication Proxy 5.0.2 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2n-1ubuntu5.4_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2n-1ubuntu5.4_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2g-1ubuntu4.17_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2g-1ubuntu4.17_amd64.deb | Linux |
| Observable Discrepancy Vulnerability (CVE-2020-1968) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-331885 | Duo Security Authentication Proxy (6.0.2) |
| PATCH-338054 | Duo Security Authentication Proxy (6.4.0) |
| PATCH-338227 | Duo Security Authentication Proxy (6.4.1) |
| PATCH-342393 | Duo Security Authentication Proxy (6.4.2) |
| PATCH-347413 | Duo Security Authentication Proxy (6.5.0) |